Project import generated by Copybara.

GitOrigin-RevId: ff377a78794d412a35245e05428c8f95fef3951f
Default email 2022-01-07 12:07:37 +08:00
parent 9e79ad0cfa
commit 3e7541c14f
426 changed files with 5310 additions and 2409 deletions

@ -0,0 +1,47 @@
name: "Update terraform-providers"
on:
schedule:
- cron: "14 3 * * 1"
workflow_dispatch:
jobs:
tf-providers:
if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v16
- name: setup
id: setup
run: |
echo ::set-output name=title::"terraform-providers: update $(date -u +"%Y-%m-%d")"
- name: update terraform-providers
run: |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
pushd pkgs/applications/networking/cluster/terraform-providers
./update-all-providers
git commit -m "${{ steps.setup.outputs.title }}" providers.json
popd
- name: create PR
uses: peter-evans/create-pull-request@v3
with:
body: |
Automatic update of terraform providers.
Created by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.
Check that all providers build with `@ofborg build terraform-full`
branch: terraform-providers-update
delete-branch: false
labels: "2.status: work-in-progress"
title: ${{ steps.setup.outputs.title }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: comment on failure
uses: peter-evans/create-or-update-comment@v1
if: ${{ failure() }}
with:
issue-number: 153416
body: |
Automatic update of terraform providers [failed](https://github.com/NixOS/nixpkgs/actions/runs/${{ github.run_id }}).
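
Review bot: The third-party actions under `steps` are referenced by mutable tags (`cachix/install-nix-action@v16`, `peter-evans/create-pull-request@v3`, `peter-evans/create-or-update-comment@v1`), and `create-pull-request` is handed `secrets.GITHUB_TOKEN`; pin each `uses:` to a full commit SHA so a retagged release cannot change what runs with that token. The workflow also declares no `permissions:` block, so the token gets the repository default; declaring only what the PR and comment steps need (`contents`, `pull-requests` and `issues` write) would narrow it. Minor: `${{ steps.setup.outputs.title }}` is expanded straight into the `git commit` shell line; it only carries a date today, but passing it through `env:` keeps the script safe if the title ever gains other input.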

@ -82,4 +82,11 @@ This is used with repo.or.cz repositories. The arguments expected are very simil
## `fetchFromSourcehut` {#fetchfromsourcehut}
This is used with sourcehut repositories. The arguments expected are very similar to fetchFromGitHub above. Don't forget the tilde (~) in front of the user name!
This is used with sourcehut repositories. Similar to `fetchFromGitHub` above,
it expects `owner`, `repo`, `rev` and `sha256`, but don't forget the tilde (~)
in front of the username! Expected arguments also include `vc` ("git" (default)
or "hg"), `domain` and `fetchSubmodules`.
If `fetchSubmodules` is `true`, `fetchFromSourcehut` uses `fetchgit`
or `fetchhg` with `fetchSubmodules` or `fetchSubrepos` set to `true`,
respectively. Otherwise the fetcher uses `fetchzip`.
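
Review bot: The new paragraph gives a default for `vc` ("git") but none for `domain` or `fetchSubmodules`; state all three so readers do not have to open the fetcher source. It is also worth adding that turning on `fetchSubmodules` moves the fetch away from `fetchzip`, so the `sha256` of an existing expression will generally need to be recomputed.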

@ -74,7 +74,7 @@ there are 3 steps, frontend dependencies (javascript), backend dependencies (eli
##### mixRelease - Frontend dependencies (javascript) {#mix-release-javascript-deps}
for phoenix projects, inside of nixpkgs you can either use yarn2nix (mkYarnModule) or node2nix. An example with yarn2nix can be found [here](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix#L39). An example with node2nix will follow. To package something outside of nixpkgs, you have alternatives like [npmlock2nix](https://github.com/nix-community/npmlock2nix) or [nix-npm-buildpackage](https://github.com/serokell/nix-npm-buildpackage)
For phoenix projects, inside of nixpkgs you can either use yarn2nix (mkYarnModule) or node2nix. An example with yarn2nix can be found [here](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix#L39). An example with node2nix will follow. To package something outside of nixpkgs, you have alternatives like [npmlock2nix](https://github.com/nix-community/npmlock2nix) or [nix-npm-buildpackage](https://github.com/serokell/nix-npm-buildpackage)
##### mixRelease - backend dependencies (mix) {#mix-release-mix-deps}
@ -82,13 +82,13 @@ There are 2 ways to package backend dependencies. With mix2nix and with a fixed-
###### mix2nix {#mix2nix}
mix2nix is a cli tool available in nixpkgs. it will generate a nix expression from a mix.lock file. It is quite standard in the 2nix tool series.
`mix2nix` is a cli tool available in nixpkgs. it will generate a nix expression from a mix.lock file. It is quite standard in the 2nix tool series.
Note that currently mix2nix can't handle git dependencies inside the mix.lock file. If you have git dependencies, you can either add them manually (see [example](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/pleroma/default.nix#L20)) or use the FOD method.
The advantage of using mix2nix is that nix will know your whole dependency graph. On a dependency update, this won't trigger a full rebuild and download of all the dependencies, where FOD will do so.
practical steps:
Practical steps:
- run `mix2nix > mix_deps.nix` in the upstream repo.
- pass `mixNixDeps = with pkgs; import ./mix_deps.nix { inherit lib beamPackages; };` as an argument to mixRelease.
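
Review bot: In the reworded first paragraph under `mix2nix` only the leading tool name gained backticks; the next sentence still starts with lowercase "it will generate", `mix.lock` is unformatted, and the later mentions of mix2nix in the same section stay bare. Finish the cleanup in the same change so the section is consistent.
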
@ -280,6 +280,30 @@ mkShell {
}
```
### Using an overlay
If you need to use an overlay to change some attributes of a derivation, e.g. if you need a bugfix from a version that is not yet available in nixpkgs, you can override attributes such as `version` (and the corresponding `sha256`) and then use this overlay in your development environment:
#### `shell.nix`
```nix
let
elixir_1_13_1_overlay = (self: super: {
elixir_1_13 = super.elixir_1_13.override {
version = "1.13.1";
sha256 = "0z0b1w2vvw4vsnb99779c2jgn9bgslg7b1pmd9vlbv02nza9qj5p";
};
});
pkgs = import <nixpkgs> { overlays = [ elixir_1_13_1_overlay ]; };
in
with pkgs;
mkShell {
buildInputs = [
elixir_1_13
];
}
```
#### Elixir - Phoenix project {#elixir---phoenix-project}
Here is an example `shell.nix`.
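
Review bot: The new `### Using an overlay` and `#### shell.nix` headings carry no `{#...}` anchor, unlike the neighbouring `#### Elixir - Phoenix project {#elixir---phoenix-project}`, and because the level-3 heading is inserted directly above that level-4 one, the Phoenix example now nests under "Using an overlay". Add anchors and place the overlay section after the existing examples, or at the same heading level as them.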

@ -12,8 +12,7 @@ The function `buildGoModule` builds Go programs managed with Go modules. It buil
In the following is an example expression using `buildGoModule`, the following arguments are of special significance to the function:
- `vendorSha256`: is the hash of the output of the intermediate fetcher derivation. `vendorSha256` can also take `null` as an input. When `null` is used as a value, rather than fetching the dependencies and vendoring them, we use the vendoring included within the source repo. If you'd like to not have to update this field on dependency changes, run `go mod vendor` in your source repo and set `vendorSha256 = null;`
- `runVend`: runs the vend command to generate the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build.
- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if any dependency has case-insensitive conflicts which will produce platform dependant `vendorSha256` checksums.
- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorSha256` checksums.
```nix
pet = buildGoModule rec {
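
Review bot: The `runVend` bullet is removed and its use case folded into `proxyVendor`, but nothing tells a reader who has `runVend = true;` in an existing expression what to do; add a sentence saying `proxyVendor` replaces it. In the same bullet, "platform dependant" should be "platform dependent", and "c code" and "go mod tidy" would read better as "C code" and `go mod tidy`.
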
@ -34,7 +33,6 @@ pet = buildGoModule rec {
homepage = "https://github.com/knqyf263/pet";
license = licenses.mit;
maintainers = with maintainers; [ kalbasit ];
platforms = platforms.linux ++ platforms.darwin;
};
}
```

@ -66,7 +66,8 @@ let
stringLength sub substring tail trace;
inherit (self.trivial) id const pipe concat or and bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell isFloat min max
importJSON importTOML warn warnIf info showWarnings nixpkgsVersion version
importJSON importTOML warn warnIf throwIfNot
info showWarnings nixpkgsVersion version
mod compare splitByAndCompare functionArgs setFunctionArgs isFunction
toHexString toBaseDigits;
inherit (self.fixedPoints) fix fix' converge extends composeExtensions

@ -177,7 +177,7 @@ rec {
docOption = rec {
loc = opt.loc;
name = showOption opt.loc;
description = opt.description or (lib.warn "Option `${name}' has no description." "This option has no description.");
description = opt.description or null;
declarations = filter (x: x != unknownModule) opt.declarations;
internal = opt.internal or false;
visible =

@ -325,6 +325,28 @@ rec {
*/
warnIf = cond: msg: if cond then warn msg else id;
/*
Like the `assert b; e` expression, but with a custom error message and
without the semicolon.
If true, return the identity function, `r: r`.
If false, throw the error message.
Calls can be juxtaposed using function application, as `(r: r) a = a`, so
`(r: r) (r: r) a = a`, and so forth.
Type: bool -> string -> a -> a
Example:
throwIfNot (lib.isList overlays) "The overlays argument to nixpkgs must be a list."
lib.foldr (x: throwIfNot (lib.isFunction x) "All overlays passed to nixpkgs must be functions.") (r: r) overlays
pkgs
*/
throwIfNot = cond: msg: if cond then x: x else throw msg;
info = msg: builtins.trace "INFO: ${msg}";
showWarnings = warnings: res: lib.foldr (w: x: warn w x) res warnings;
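
Review bot: `throwIfNot` returns `x: x` on the true branch while `warnIf` just above it returns `id`, and the doc comment talks about `r: r`; use `id` in the body and in the comment so the two helpers read the same. The Example would also be clearer with its result stated, since the three lines form one expression that evaluates to `pkgs` only when both checks pass.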

@ -95,6 +95,12 @@
githubId = 7414843;
name = "Nicholas von Klitzing";
};
_13r0ck = {
name = "Brock Szuszczewicz";
email = "bnr@tuta.io";
github = "13r0ck";
githubId = 58987761;
};
_3noch = {
email = "eacameron@gmail.com";
github = "3noch";
@ -946,6 +952,12 @@
githubId = 59696216;
name = "Arnold Farkas";
};
arnoutkroeze = {
email = "nixpkgs@arnoutkroeze.nl";
github = "arnoutkroeze";
githubId = 37151054;
name = "Arnout Kroeze";
};
arobyn = {
email = "shados@shados.net";
github = "shados";
@ -2663,6 +2675,12 @@
email = "christoph.senjak@googlemail.com";
name = "Christoph-Simon Senjak";
};
datafoo = {
email = "34766150+datafoo@users.noreply.github.com";
github = "datafoo";
githubId = 34766150;
name = "datafoo";
};
davhau = {
email = "d.hauer.it@gmail.com";
name = "David Hauer";
@ -2800,6 +2818,12 @@
email = "d4delta@outlook.fr";
name = "Delta";
};
deltadelta = {
email = "contact@libellules.eu";
name = "Dara Ly";
github = "tournemire";
githubId = 20159432;
};
deltaevo = {
email = "deltaduartedavid@gmail.com";
github = "DeltaEvo";
@ -3314,12 +3338,6 @@
github = "edlimerkaj";
githubId = 71988351;
};
edibopp = {
email = "eduard.bopp@aepsil0n.de";
github = "edibopp";
githubId = 3098430;
name = "Eduard Bopp";
};
emantor = {
email = "rouven+nixos@czerwinskis.de";
github = "emantor";
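
Review bot: The `edibopp` entry is deleted in this hunk and reappears further down as `milibopp` with the same `githubId = 3098430`; any package or module that still lists `maintainers.edibopp` will fail to evaluate, so confirm every reference was renamed in this commit.
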
@ -4760,6 +4778,12 @@
github = "higebu";
githubId = 733288;
};
hiljusti = {
name = "J.R. Hill";
email = "hiljusti@so.dang.cool";
github = "hiljusti";
githubId = 17605298;
};
hinton = {
email = "t@larkery.com";
name = "Tom Hinton";
@ -7809,6 +7833,12 @@
githubId = 38543128;
name = "Miles Breslin";
};
milibopp = {
email = "contact@ebopp.de";
github = "milibopp";
githubId = 3098430;
name = "Emilia Bopp";
};
millerjason = {
email = "mailings-github@millerjason.com";
github = "millerjason";
@ -8202,6 +8232,12 @@
githubId = 4996739;
name = "Masayuki Takeda";
};
mtesseract = {
email = "moritz@stackrox.com";
github = "mtesseract";
githubId = 11706080;
name = "Moritz Clasmeier";
};
MtP = {
email = "marko.nixos@poikonen.de";
github = "MtP76";
@ -11599,6 +11635,12 @@
githubId = 2389333;
name = "Andy Tockman";
};
techknowlogick = {
email = "techknowlogick@gitea.io";
github = "techknowlogick";
githubId = 164197;
name = "techknowlogick";
};
Technical27 = {
email = "38222826+Technical27@users.noreply.github.com";
github = "Technical27";
@ -12653,6 +12695,12 @@
email = "tim.williams.public@gmail.com";
name = "Tim Philip Williams";
};
willcohen = {
email = "willcohen@users.noreply.github.com";
github = "willcohen";
githubId = 5185341;
name = "Will Cohen";
};
winden = {
email = "windenntw@gmail.com";
name = "Antonio Vargas Gonzalez";

@ -1,4 +1,13 @@
{ pkgs, options, config, version, revision, extraSources ? [] }:
{ pkgs
, options
, config
, version
, revision
, extraSources ? []
, baseOptionsJSON ? null
, warningsAreErrors ? true
, prefix ? ../../..
}:
with pkgs;
@ -11,11 +20,11 @@ let
#
# E.g. if some `options` came from modules in ${pkgs.customModules}/nix,
# you'd need to include `extraSources = [ pkgs.customModules ]`
prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources);
prefixesToStrip = map (p: "${toString p}/") ([ prefix ] ++ extraSources);
stripAnyPrefixes = lib.flip (lib.foldr lib.removePrefix) prefixesToStrip;
optionsDoc = buildPackages.nixosOptionsDoc {
inherit options revision;
inherit options revision baseOptionsJSON warningsAreErrors;
transformOptions = opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree.
declarations = map stripAnyPrefixes opt.declarations;
@ -161,7 +170,7 @@ let
in rec {
inherit generatedSources;
inherit (optionsDoc) optionsJSON optionsDocBook;
inherit (optionsDoc) optionsJSON optionsNix optionsDocBook;
# Generate the NixOS manual.
manualHTML = runCommand "nixos-manual-html"

@ -5,7 +5,7 @@ extra information. Module meta attributes are defined in the `meta.nix`
special module.
`meta` is a top level attribute like `options` and `config`. Available
meta-attributes are `maintainers` and `doc`.
meta-attributes are `maintainers`, `doc`, and `buildDocsInSandbox`.
Each of the meta-attributes must be defined at most once per module
file.
@ -24,6 +24,7 @@ file.
meta = {
maintainers = with lib.maintainers; [ ericsagnes ];
doc = ./default.xml;
buildDocsInSandbox = true;
};
}
```
@ -38,3 +39,28 @@ file.
```ShellSession
$ nix-build nixos/release.nix -A manual.x86_64-linux
```
- `buildDocsInSandbox` indicates whether the option documentation for the
module can be built in a derivation sandbox. This option is currently only
honored for modules shipped by nixpkgs. User modules and modules taken from
`NIXOS_EXTRA_MODULE_PATH` are always built outside of the sandbox, as has
been the case in previous releases.
Building NixOS option documentation in a sandbox allows caching of the built
documentation, which greatly decreases the amount of time needed to evaluate
a system configuration that has NixOS documentation enabled. The sandbox also
restricts which attributes may be referenced by documentation attributes
(such as option descriptions) to the `options` and `lib` module arguments and
the `pkgs.formats` attribute of the `pkgs` argument, `config` and the rest of
`pkgs` are disallowed and will cause doc build failures when used. This
restriction is necessary because we cannot reproduce the full nixpkgs
instantiation with configuration and overlays from a system configuration
inside the sandbox. The `options` argument only includes options of modules
that are also built inside the sandbox, referencing an option of a module
that isn't built in the sandbox is also forbidden.
The default is `true` and should usually not be changed; set it to `false`
only if the module requires access to `pkgs` in its documentation (e.g.
because it loads information from a linked package to build an option type)
or if its documentation depends on other modules that also aren't sandboxed
(e.g. by using types defined in the other module).

@ -8,8 +8,8 @@
<para>
<literal>meta</literal> is a top level attribute like
<literal>options</literal> and <literal>config</literal>. Available
meta-attributes are <literal>maintainers</literal> and
<literal>doc</literal>.
meta-attributes are <literal>maintainers</literal>,
<literal>doc</literal>, and <literal>buildDocsInSandbox</literal>.
</para>
<para>
Each of the meta-attributes must be defined at most once per module
@ -29,6 +29,7 @@
meta = {
maintainers = with lib.maintainers; [ ericsagnes ];
doc = ./default.xml;
buildDocsInSandbox = true;
};
}
</programlisting>
@ -51,5 +52,44 @@
$ nix-build nixos/release.nix -A manual.x86_64-linux
</programlisting>
</listitem>
<listitem>
<para>
<literal>buildDocsInSandbox</literal> indicates whether the
option documentation for the module can be built in a derivation
sandbox. This option is currently only honored for modules
shipped by nixpkgs. User modules and modules taken from
<literal>NIXOS_EXTRA_MODULE_PATH</literal> are always built
outside of the sandbox, as has been the case in previous
releases.
</para>
<para>
Building NixOS option documentation in a sandbox allows caching
of the built documentation, which greatly decreases the amount
of time needed to evaluate a system configuration that has NixOS
documentation enabled. The sandbox also restricts which
attributes may be referenced by documentation attributes (such
as option descriptions) to the <literal>options</literal> and
<literal>lib</literal> module arguments and the
<literal>pkgs.formats</literal> attribute of the
<literal>pkgs</literal> argument, <literal>config</literal> and
the rest of <literal>pkgs</literal> are disallowed and will
cause doc build failures when used. This restriction is
necessary because we cannot reproduce the full nixpkgs
instantiation with configuration and overlays from a system
configuration inside the sandbox. The <literal>options</literal>
argument only includes options of modules that are also built
inside the sandbox, referencing an option of a module that isnt
built in the sandbox is also forbidden.
</para>
<para>
The default is <literal>true</literal> and should usually not be
changed; set it to <literal>false</literal> only if the module
requires access to <literal>pkgs</literal> in its documentation
(e.g. because it loads information from a linked package to
build an option type) or if its documentation depends on other
modules that also arent sandboxed (e.g. by using types defined
in the other module).
</para>
</listitem>
</itemizedlist>
</section>

@ -325,6 +325,15 @@
files.
</para>
</listitem>
<listitem>
<para>
<literal>fetchFromSourcehut</literal> now allows fetching
repositories recursively using <literal>fetchgit</literal> or
<literal>fetchhg</literal> if the argument
<literal>fetchSubmodules</literal> is set to
<literal>true</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>

@ -120,3 +120,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.stubby` module was converted to a [settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
- The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files.
- `fetchFromSourcehut` now allows fetching repositories recursively
using `fetchgit` or `fetchhg` if the argument `fetchSubmodules`
is set to `true`.

@ -0,0 +1,53 @@
{ libPath
, pkgsLibPath
, nixosPath
, modules
, stateVersion
, release
}:
let
lib = import libPath;
modulesPath = "${nixosPath}/modules";
# dummy pkgs set that contains no packages, only `pkgs.lib` from the full set.
# not having `pkgs.lib` causes all users of `pkgs.formats` to fail.
pkgs = import pkgsLibPath {
inherit lib;
pkgs = null;
};
utils = import "${nixosPath}/lib/utils.nix" {
inherit config lib;
pkgs = null;
};
# this is used both as a module and as specialArgs.
# as a module it sets the _module special values, as specialArgs it makes `config`
# unusable. this causes documentation attributes depending on `config` to fail.
config = {
_module.check = false;
_module.args = {};
system.stateVersion = stateVersion;
};
eval = lib.evalModules {
modules = (map (m: "${modulesPath}/${m}") modules) ++ [
config
];
specialArgs = {
inherit config pkgs utils;
};
};
docs = import "${nixosPath}/doc/manual" {
pkgs = pkgs // {
inherit lib;
# duplicate of the declaration in all-packages.nix
buildPackages.nixosOptionsDoc = attrs:
(import "${nixosPath}/lib/make-options-doc")
({ inherit pkgs lib; } // attrs);
};
config = config.config;
options = eval.options;
version = release;
revision = "release-${release}";
prefix = modulesPath;
};
in
docs.optionsNix
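
Review bot: `config = config.config;` in the `docs` import reads an attribute that the local `config` set (`_module.check`, `_module.args`, `system.stateVersion`) never defines, so it fails as soon as the manual code forces it. If that is the intended poison value, in line with the comment above the `config` binding, say so on this line; as written it reads like a typo for `eval.config`. The `pkgs = null;` passed to `utils.nix` deserves the same one-line explanation that the dummy `pkgs` set already has.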

@ -21,6 +21,13 @@
, options
, transformOptions ? lib.id # function for additional tranformations of the options
, revision ? "" # Specify revision for the options
# a set of options the docs we are generating will be merged into, as if by recursiveUpdate.
# used to split the options doc build into a static part (nixos/modules) and a dynamic part
# (non-nixos modules imported via configuration.nix, other module sources).
, baseOptionsJSON ? null
# instead of printing warnings for eg options with missing descriptions (which may be lost
# by nix build unless -L is given), emit errors instead and fail the build
, warningsAreErrors ? true
}:
let
@ -51,10 +58,15 @@ let
# ../../../lib/options.nix influences.
#
# Each element of `relatedPackages` can be either
# - a string: that will be interpreted as an attribute name from `pkgs`,
# - a list: that will be interpreted as an attribute path from `pkgs`,
# - an attrset: that can specify `name`, `path`, `package`, `comment`
# - a string: that will be interpreted as an attribute name from `pkgs` and turned into a link
# to search.nixos.org,
# - a list: that will be interpreted as an attribute path from `pkgs` and turned into a link
# to search.nixos.org,
# - an attrset: that can specify `name`, `path`, `comment`
# (either of `name`, `path` is required, the rest are optional).
#
# NOTE: No checks against `pkgs` are made to ensure that the referenced package actually exists.
# Such checks are not compatible with option docs caching.
genRelatedPackages = packages: optName:
let
unpack = p: if lib.isString p then { name = p; }
@ -64,16 +76,16 @@ let
let
title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path);
path = args.path or [ args.name ];
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}' found while evaluating `relatedPackages' of option `${optName}'") pkgs);
in "<listitem>"
+ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
+ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"
+ ": ${package.meta.description or "???"}.</para>"
+ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
+ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
+ "</listitem>";
in ''
<listitem>
<para>
<link xlink:href="https://search.nixos.org/packages?show=${name}&amp;sort=relevance&amp;query=${name}">
<literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name}</literal>
</link>
</para>
${lib.optionalString (args ? comment) "<para>${args.comment}</para>"}
</listitem>
'';
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
# Remove invisible and internal options.
@ -99,13 +111,24 @@ in rec {
optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
buildInputs = [ pkgs.brotli ];
options = builtins.toFile "options.json"
(builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));
}
''
# Export list of options in different format.
dst=$out/share/doc/nixos
mkdir -p $dst
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json
${
if baseOptionsJSON == null
then "cp $options $dst/options.json"
else ''
${pkgs.python3Minimal}/bin/python ${./mergeJSON.py} \
${lib.optionalString warningsAreErrors "--warnings-are-errors"} \
${baseOptionsJSON} $options \
> $dst/options.json
''
}
brotli -9 < $dst/options.json > $dst/options.json.br
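
Review bot: When `baseOptionsJSON == null` the builder only runs `cp $options $dst/options.json`, so the missing-description check that now lives in `mergeJSON.py` never runs and `warningsAreErrors` has no effect on that path. Together with `description = opt.description or null;` in the `docOption` hunk, undocumented options then land in options.json with a null description and no diagnostic. Either run `mergeJSON.py` in both branches (with an empty base) or keep a check for the null case.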

@ -0,0 +1,86 @@
import collections
import json
import sys
from typing import Any, Dict, List
JSON = Dict[str, Any]
class Key:
def __init__(self, path: List[str]):
self.path = path
def __hash__(self):
result = 0
for id in self.path:
result ^= hash(id)
return result
def __eq__(self, other):
return type(self) is type(other) and self.path == other.path
Option = collections.namedtuple('Option', ['name', 'value'])
# pivot a dict of options keyed by their display name to a dict keyed by their path
def pivot(options: Dict[str, JSON]) -> Dict[Key, Option]:
result: Dict[Key, Option] = dict()
for (name, opt) in options.items():
result[Key(opt['loc'])] = Option(name, opt)
return result
# pivot back to indexed-by-full-name
# like the docbook build we'll just fail if multiple options with differing locs
# render to the same option name.
def unpivot(options: Dict[Key, Option]) -> Dict[str, JSON]:
result: Dict[str, Dict] = dict()
for (key, opt) in options.items():
if opt.name in result:
raise RuntimeError(
'multiple options with colliding ids found',
opt.name,
result[opt.name]['loc'],
opt.value['loc'],
)
result[opt.name] = opt.value
return result
warningsAreErrors = sys.argv[1] == "--warnings-are-errors"
optOffset = 1 if warningsAreErrors else 0
options = pivot(json.load(open(sys.argv[1 + optOffset], 'r')))
overrides = pivot(json.load(open(sys.argv[2 + optOffset], 'r')))
# fix up declaration paths in lazy options, since we don't eval them from a full nixpkgs dir
for (k, v) in options.items():
v.value['declarations'] = list(map(lambda s: f'nixos/modules/{s}', v.value['declarations']))
# merge both descriptions
for (k, v) in overrides.items():
cur = options.setdefault(k, v).value
for (ok, ov) in v.value.items():
if ok == 'declarations':
decls = cur[ok]
for d in ov:
if d not in decls:
decls += [d]
elif ok == "type":
# ignore types of placeholder options
if ov != "_unspecified" or cur[ok] == "_unspecified":
cur[ok] = ov
elif ov is not None or cur.get(ok, None) is None:
cur[ok] = ov
# check that every option has a description
hasWarnings = False
for (k, v) in options.items():
if v.value.get('description', None) is None:
severity = "error" if warningsAreErrors else "warning"
hasWarnings = True
print(f"\x1b[1;31m{severity}: option {v.name} has no description\x1b[0m", file=sys.stderr)
v.value['description'] = "This option has no description."
if hasWarnings and warningsAreErrors:
print(
"\x1b[1;31m" +
"Treating warnings as errors. Set documentation.nixos.options.warningsAreErrors " +
"to false to ignore these warnings." +
"\x1b[0m",
file=sys.stderr)
sys.exit(1)
json.dump(unpivot(options), fp=sys.stdout)
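
Review bot: `Key.__hash__` XORs the hashes of the path components, which ignores their order and lets a repeated component cancel itself out, so `['a', 'b']` and `['b', 'a']` collide and `['a', 'a']` hashes to 0. `__eq__` keeps lookups correct, but `return hash(tuple(self.path))` is shorter and distributes keys properly. Also, `sys.argv[1] == "--warnings-are-errors"` raises IndexError when the script is started without arguments, and the two `open(...)` handles are never closed; a short usage check and `with open(...)` would tidy both.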

@ -14,5 +14,5 @@ KERNEL=="ttyACM*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="60fc", MODE:="066
#
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", GROUP+="plugdev"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", GROUP+="plugdev"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", GROUP="plugdev"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", GROUP="plugdev"

@ -40,4 +40,7 @@ in
};
services.xserver.displayManager.sessionCommands = "${fcitxPackage}/bin/fcitx";
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

@ -80,4 +80,7 @@ in
ibusPackage
];
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

@ -45,5 +45,7 @@ in
environment.etc."xdg/kime/config.yaml".text = replaceStrings [ "\\\\" ] [ "\\" ] (builtins.toJSON cfg.config);
};
}
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

@ -143,6 +143,23 @@ export TMPDIR=${TMPDIR:-$tmpdir}
sub="auto?trusted=1"
# Copy the NixOS/Nixpkgs sources to the target as the initial contents
# of the NixOS channel.
if [[ -z $noChannelCopy ]]; then
if [[ -z $channelPath ]]; then
channelPath="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")"
fi
if [[ -n $channelPath ]]; then
echo "copying channel..."
mkdir -p "$mountPoint"/nix/var/nix/profiles/per-user/root
nix-env --store "$mountPoint" "${extraBuildFlags[@]}" --extra-substituters "$sub" \
-p "$mountPoint"/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet \
"${verbosity[@]}"
install -m 0700 -d "$mountPoint"/root/.nix-defexpr
ln -sfn /nix/var/nix/profiles/per-user/root/channels "$mountPoint"/root/.nix-defexpr/channels
fi
fi
# Build the system configuration in the target filesystem.
if [[ -z $system ]]; then
outLink="$tmpdir/system"
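
Review bot: The channel-copy block now runs before "Build the system configuration in the target filesystem", but neither its comment nor anything else in the hunk says why the order matters; add a line stating the reason so a later cleanup does not move it back. With this order a failed system build also leaves the channel profile and `/root/.nix-defexpr` already written under `$mountPoint`, which is worth a mention in that comment.
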
@ -167,23 +184,6 @@ nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \
--extra-substituters "$sub" \
-p "$mountPoint"/nix/var/nix/profiles/system --set "$system" "${verbosity[@]}"
# Copy the NixOS/Nixpkgs sources to the target as the initial contents
# of the NixOS channel.
if [[ -z $noChannelCopy ]]; then
if [[ -z $channelPath ]]; then
channelPath="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")"
fi
if [[ -n $channelPath ]]; then
echo "copying channel..."
mkdir -p "$mountPoint"/nix/var/nix/profiles/per-user/root
nix-env --store "$mountPoint" "${extraBuildFlags[@]}" --extra-substituters "$sub" \
-p "$mountPoint"/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet \
"${verbosity[@]}"
install -m 0700 -d "$mountPoint"/root/.nix-defexpr
ln -sfn /nix/var/nix/profiles/per-user/root/channels "$mountPoint"/root/.nix-defexpr/channels
fi
fi
# Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out.
mkdir -m 0755 -p "$mountPoint/etc"
touch "$mountPoint/etc/NIXOS"

@ -1,19 +1,35 @@
{ config, lib, pkgs, extendModules, noUserModules, ... }:
{ config, options, lib, pkgs, utils, modules, baseModules, extraModules, modulesPath, ... }:
with lib;
let
cfg = config.documentation;
allOpts = options;
/* Modules for which to show options even when not imported. */
extraDocModules = [ ../virtualisation/qemu-vm.nix ];
/* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
canCacheDocs = m:
let
f = import m;
instance = f (mapAttrs (n: _: abort "evaluating ${n} for `meta` failed") (functionArgs f));
in
cfg.nixos.options.splitBuild
&& builtins.isPath m
&& isFunction f
&& instance ? options
&& instance.meta.buildDocsInSandbox or true;
docModules =
let
p = partition canCacheDocs (baseModules ++ extraDocModules);
in
{
lazy = p.right;
eager = p.wrong ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules);
};
manual = import ../../doc/manual rec {
inherit pkgs config;
version = config.system.nixos.release;
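
Review bot: `canCacheDocs` calls every module function with all arguments bound to `abort ...` just to read `instance ? options` and `instance.meta`; a module whose top-level attribute set depends on an argument aborts the whole evaluation at this point, and `abort` cannot be caught with `builtins.tryEval`, so there is no fallback to the eager list. Either document that constraint next to the function or use `throw` with `builtins.tryEval` so such a module is classed as eager. Also, the block comment about replacing derivations with fakes now sits directly above `canCacheDocs`, which it does not describe; move it down to `scrubDerivations`.
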
@ -21,10 +37,17 @@ let
extraSources = cfg.nixos.extraModuleSources;
options =
let
extendNixOS = if cfg.nixos.includeAllModules then extendModules else noUserModules.extendModules;
scrubbedEval = extendNixOS {
modules = extraDocModules;
specialArgs.pkgs = scrubDerivations "pkgs" pkgs;
scrubbedEval = evalModules {
modules = [ {
_module.check = false;
} ] ++ docModules.eager;
specialArgs = {
pkgs = scrubDerivations "pkgs" pkgs;
# allow access to arbitrary options for eager modules, eg for getting
# option types from lazy modules
options = allOpts;
inherit modulesPath utils;
};
};
scrubDerivations = namePrefix: pkgSet: mapAttrs
(name: value:
@ -36,6 +59,49 @@ let
)
pkgSet;
in scrubbedEval.options;
baseOptionsJSON =
let
filter =
builtins.filterSource
(n: t:
(t == "directory" -> baseNameOf n != "tests")
&& (t == "file" -> hasSuffix ".nix" n)
);
in
pkgs.runCommand "lazy-options.json" {
libPath = filter "${toString pkgs.path}/lib";
pkgsLibPath = filter "${toString pkgs.path}/pkgs/pkgs-lib";
nixosPath = filter "${toString pkgs.path}/nixos";
modules = map (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy;
} ''
export NIX_STORE_DIR=$TMPDIR/store
export NIX_STATE_DIR=$TMPDIR/state
${pkgs.nix}/bin/nix-instantiate \
--show-trace \
--eval --json --strict \
--argstr libPath "$libPath" \
--argstr pkgsLibPath "$pkgsLibPath" \
--argstr nixosPath "$nixosPath" \
--arg modules "[ $modules ]" \
--argstr stateVersion "${options.system.stateVersion.default}" \
--argstr release "${config.system.nixos.release}" \
$nixosPath/lib/eval-cacheable-options.nix > $out \
|| {
echo -en "\e[1;31m"
echo 'Cacheable portion of option doc build failed.'
echo 'Usually this means that an option attribute that ends up in documentation (eg' \
'`default` or `description`) depends on the restricted module arguments' \
'`config` or `pkgs`.'
echo
echo 'Rebuild your configuration with `--show-trace` to find the offending' \
'location. Remove the references to restricted arguments (eg by escaping' \
'their antiquotations or adding a `defaultText`) or disable the sandboxed' \
'build for the failing module by setting `meta.buildDocsInSandbox = false`.'
echo -en "\e[0m"
exit 1
} >&2
'';
inherit (cfg.nixos.options) warningsAreErrors;
};
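Review bot: in the `lazy-options.json` builder, the `modules` attribute wraps each path in bare double quotes and the result is spliced into `--arg modules "[ $modules ]"` as Nix source with no escaping. A module path containing `"`, a backslash or `${` would change or break the expression that `nix-instantiate` evaluates; build the literals with `lib.strings.escapeNixString` instead. The script would also be more robust with `"$nixosPath/lib/eval-cacheable-options.nix"` and the two `$TMPDIR` assignments quoted.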
@ -178,6 +244,25 @@ in
'';
};
nixos.options.splitBuild = mkOption {
type = types.bool;
default = true;
description = ''
Whether to split the option docs build into a cacheable and an uncacheable part.
Splitting the build can substantially decrease the amount of time needed to build
the manual, but some user modules may be incompatible with this splitting.
'';
};
nixos.options.warningsAreErrors = mkOption {
type = types.bool;
default = true;
description = ''
Treat warning emitted during the option documentation build (eg for missing option
descriptions) as errors.
'';
};
nixos.includeAllModules = mkOption {
type = types.bool;
default = false;
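Review bot: the `nixos.options.splitBuild` description says some user modules may be incompatible with splitting but does not say what to do about it. Name the per-module opt-out (`meta.buildDocsInSandbox = false`) there, since the build failure message already points users at it. In `warningsAreErrors`, "Treat warning emitted" should read "Treat warnings emitted".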

View file

@ -352,6 +352,7 @@ in
moonraker = 320;
distcc = 321;
webdav = 322;
pipewire = 323;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -658,6 +659,7 @@ in
moonraker = 320;
distcc = 321;
webdav = 322;
pipewire = 323;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

View file

@ -54,6 +54,21 @@ in
'';
};
buildDocsInSandbox = mkOption {
type = types.bool // {
merge = loc: defs: defs;
};
internal = true;
default = true;
description = ''
Whether to include this module in the split options doc build.
Disable if the module references `config`, `pkgs` or other module
arguments that cannot be evaluated as constants.
This option should be defined at most once per module.
'';
};
};
};
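Review bot: `merge = loc: defs: defs;` on `buildDocsInSandbox` replaces the `types.bool` merge, so the merged option value is the raw list of definitions rather than a bool, and nothing enforces the "at most once per module" rule stated in the description. Add a comment saying why the merge is overridden and that the flag is meant to be read from the module's own `meta` (as `canCacheDocs` does with `instance.meta.buildDocsInSandbox or true`), or keep the bool merge if conflicting definitions should be an error.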

View file

@ -248,4 +248,7 @@ in
)
];
};
# needs a full nixpkgs path to import nixpkgs
meta.buildDocsInSandbox = false;
}

View file

@ -119,4 +119,6 @@ in
};
# uses version info nixpkgs, which requires a full nixpkgs path
meta.buildDocsInSandbox = false;
}

View file

@ -149,4 +149,6 @@ in
];
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -51,7 +51,10 @@ let
datasetOptions = rec {
use_template = mkOption {
description = "Names of the templates to use for this dataset.";
type = types.listOf (types.enum (attrNames cfg.templates));
type = types.listOf (types.str // {
check = (types.enum (attrNames cfg.templates)).check;
description = "configured template name";
});
default = [ ];
};
useTemplate = use_template;
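Review bot: the `use_template` type swaps `types.enum (attrNames cfg.templates)` for `types.str` with the enum's `check` grafted on, and there is no comment explaining the construction. State next to it that the check still depends on `cfg.templates` while the description is now the fixed string "configured template name", so the next reader does not fold it back into a plain enum; also consider that a rejected value no longer shows the list of valid template names.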

View file

@ -6,6 +6,7 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.controllerManager;
klib = options.services.kubernetes.lib.default;
in
{
imports = [
@ -56,7 +57,7 @@ in
type = int;
};
kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes controller manager";
kubeconfig = klib.mkKubeConfigOptions "Kubernetes controller manager";
leaderElect = mkOption {
description = "Whether to start leader election before executing main loop.";
@ -129,7 +130,7 @@ in
"--cluster-cidr=${cfg.clusterCidr}"} \
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--kubeconfig=${top.lib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \
--kubeconfig=${klib.mkKubeConfig "kube-controller-manager" cfg.kubeconfig} \
--leader-elect=${boolToString cfg.leaderElect} \
${optionalString (cfg.rootCaFile!=null)
"--root-ca-file=${cfg.rootCaFile}"} \
@ -156,7 +157,7 @@ in
path = top.path;
};
services.kubernetes.pki.certs = with top.lib; {
services.kubernetes.pki.certs = with klib; {
controllerManager = mkCert {
name = "kube-controller-manager";
CN = "kube-controller-manager";

View file

@ -193,12 +193,17 @@ in {
inherit mkKubeConfigOptions;
};
type = types.attrs;
readOnly = true;
internal = true;
};
secretsPath = mkOption {
description = "Default location for kubernetes secrets. Not a store location.";
type = types.path;
default = cfg.dataDir + "/secrets";
defaultText = literalExpression ''
config.${opt.dataDir} + "/secrets"
'';
};
};

View file

@ -6,6 +6,7 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.kubelet;
klib = options.services.kubernetes.lib.default;
cniConfig =
if cfg.cni.config != [] && cfg.cni.configDir != null then
@ -27,7 +28,7 @@ let
config.Cmd = ["/bin/pause"];
};
kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig;
kubeconfig = klib.mkKubeConfig "kubelet" cfg.kubeconfig;
manifestPath = "kubernetes/manifests";
@ -177,7 +178,7 @@ in
type = str;
};
kubeconfig = top.lib.mkKubeConfigOptions "Kubelet";
kubeconfig = klib.mkKubeConfigOptions "Kubelet";
manifests = mkOption {
description = "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)";
@ -358,7 +359,7 @@ in
services.kubernetes.kubelet.hostname = with config.networking;
mkDefault (hostName + optionalString (domain != null) ".${domain}");
services.kubernetes.pki.certs = with top.lib; {
services.kubernetes.pki.certs = with klib; {
kubelet = mkCert {
name = "kubelet";
CN = top.kubelet.hostname;

View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
let
top = config.services.kubernetes;
cfg = top.pki;
klib = options.services.kubernetes.lib;
csrCA = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
key = {
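Review bot: `klib` is bound to `options.services.kubernetes.lib` here, while the other kubernetes modules touched in this commit bind it to `options.services.kubernetes.lib.default`. The later calls in this file (`klib.mkKubeConfig "cluster-admin"`, `"addon-manager"`, `"flannel"`) would then look up `mkKubeConfig` on the option declaration rather than on its default attribute set; use `.default` here as well, or say why this file differs.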
@ -29,7 +30,7 @@ let
cfsslAPITokenLength = 32;
clusterAdminKubeconfig = with cfg.certs.clusterAdmin;
top.lib.mkKubeConfig "cluster-admin" {
klib.mkKubeConfig "cluster-admin" {
server = top.apiserverAddress;
certFile = cert;
keyFile = key;
@ -250,7 +251,7 @@ in
# - it would be better with a more Nix-oriented way of managing addons
systemd.services.kube-addon-manager = mkIf top.addonManager.enable (mkMerge [{
environment.KUBECONFIG = with cfg.certs.addonManager;
top.lib.mkKubeConfig "addon-manager" {
klib.mkKubeConfig "addon-manager" {
server = top.apiserverAddress;
certFile = cert;
keyFile = key;
@ -343,7 +344,7 @@ in
'';
services.flannel = with cfg.certs.flannelClient; {
kubeconfig = top.lib.mkKubeConfig "flannel" {
kubeconfig = klib.mkKubeConfig "flannel" {
server = top.apiserverAddress;
certFile = cert;
keyFile = key;

View file

@ -6,6 +6,7 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.proxy;
klib = options.services.kubernetes.lib.default;
in
{
imports = [
@ -43,7 +44,7 @@ in
type = str;
};
kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy";
kubeconfig = klib.mkKubeConfigOptions "Kubernetes proxy";
verbosity = mkOption {
description = ''
@ -72,7 +73,7 @@ in
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--hostname-override=${cfg.hostname} \
--kubeconfig=${top.lib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \
--kubeconfig=${klib.mkKubeConfig "kube-proxy" cfg.kubeconfig} \
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
${cfg.extraOpts}
'';
@ -88,7 +89,7 @@ in
services.kubernetes.proxy.hostname = with config.networking; mkDefault hostName;
services.kubernetes.pki.certs = {
kubeProxyClient = top.lib.mkCert {
kubeProxyClient = klib.mkCert {
name = "kube-proxy-client";
CN = "system:kube-proxy";
action = "systemctl restart kube-proxy.service";

View file

@ -6,6 +6,7 @@ let
top = config.services.kubernetes;
otop = options.services.kubernetes;
cfg = top.scheduler;
klib = options.services.kubernetes.lib.default;
in
{
###### interface
@ -32,7 +33,7 @@ in
type = listOf str;
};
kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes scheduler";
kubeconfig = klib.mkKubeConfigOptions "Kubernetes scheduler";
leaderElect = mkOption {
description = "Whether to start leader election before executing main loop.";
@ -69,7 +70,7 @@ in
--address=${cfg.address} \
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
--kubeconfig=${klib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
--leader-elect=${boolToString cfg.leaderElect} \
--port=${toString cfg.port} \
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
@ -87,7 +88,7 @@ in
};
services.kubernetes.pki.certs = {
schedulerClient = top.lib.mkCert {
schedulerClient = klib.mkCert {
name = "kube-scheduler-client";
CN = "system:kube-scheduler";
action = "systemctl restart kube-scheduler.service";

View file

@ -1,9 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.services.couchdb;
opt = options.services.couchdb;
configFile = pkgs.writeText "couchdb.ini" (
''
[couchdb]
@ -153,6 +154,7 @@ in {
argsFile = mkOption {
type = types.path;
default = "${cfg.package}/etc/vm.args";
defaultText = literalExpression ''"config.${opt.package}/etc/vm.args"'';
description = ''
vm.args configuration. Overrides Couchdb's Erlang VM parameters file.
'';

View file

@ -54,7 +54,7 @@ in
systemd.packages = [ cfg.package ];
services.udev.packages = [ pkgs.libmtp ];
services.udev.packages = [ pkgs.libmtp.out ];
# Needed for unwrapped applications
environment.variables.GIO_EXTRA_MODULES = [ "${cfg.package}/lib/gio/modules" ];

View file

@ -29,6 +29,8 @@ in {
meta = {
maintainers = teams.freedesktop.members;
# uses attributes of the linked package
buildDocsInSandbox = false;
};
###### interface
@ -94,6 +96,12 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
# Enable either system or user units.
systemd.services.pipewire-media-session.enable = config.services.pipewire.systemWide;
systemd.user.services.pipewire-media-session.enable = !config.services.pipewire.systemWide;
systemd.services.pipewire-media-session.wantedBy = [ "pipewire.service" ];
systemd.user.services.pipewire-media-session.wantedBy = [ "pipewire.service" ];
environment.etc."pipewire/media-session.d/media-session.conf" = {

View file

@ -40,6 +40,8 @@ in {
meta = {
maintainers = teams.freedesktop.members;
# uses attributes of the linked package
buildDocsInSandbox = false;
};
###### interface
@ -123,6 +125,22 @@ in {
pulse = {
enable = mkEnableOption "PulseAudio server emulation";
};
systemWide = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
If true, a system-wide PipeWire service and socket is enabled
allowing all users in the "pipewire" group to use it simultaneously.
If false, then user units are used instead, restricting access to
only one user.
Enabling system-wide PipeWire is however not recommended and disabled
by default according to
https://github.com/PipeWire/pipewire/blob/master/NEWS
'';
};
};
};
@ -148,9 +166,20 @@ in {
# PipeWire depends on DBUS but doesn't list it. Without this booting
# into a terminal results in the service crashing with an error.
systemd.services.pipewire.bindsTo = [ "dbus.service" ];
systemd.user.services.pipewire.bindsTo = [ "dbus.service" ];
# Enable either system or user units. Note that for pipewire-pulse there
# are only user units, which work in both cases.
systemd.sockets.pipewire.enable = cfg.systemWide;
systemd.services.pipewire.enable = cfg.systemWide;
systemd.user.sockets.pipewire.enable = !cfg.systemWide;
systemd.user.services.pipewire.enable = !cfg.systemWide;
systemd.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
systemd.user.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
systemd.user.sockets.pipewire-pulse.wantedBy = lib.mkIf (cfg.socketActivation && cfg.pulse.enable) ["sockets.target"];
systemd.user.services.pipewire.bindsTo = [ "dbus.service" ];
services.udev.packages = [ cfg.package ];
# If any paths are updated here they must also be updated in the package test.
@ -194,7 +223,22 @@ in {
environment.sessionVariables.LD_LIBRARY_PATH =
lib.optional cfg.jack.enable "${cfg.package.jack}/lib";
users = lib.mkIf cfg.systemWide {
users.pipewire = {
uid = config.ids.uids.pipewire;
group = "pipewire";
extraGroups = [
"audio"
"video"
] ++ lib.optional config.security.rtkit.enable "rtkit";
description = "Pipewire system service user";
isSystemUser = true;
};
groups.pipewire.gid = config.ids.gids.pipewire;
};
# https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/464#note_723554
systemd.services.pipewire.environment."PIPEWIRE_LINK_PASSIVE" = "1";
systemd.user.services.pipewire.environment."PIPEWIRE_LINK_PASSIVE" = "1";
};
}
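Review bot: `users = lib.mkIf cfg.systemWide { ... }` creates the `pipewire` user and group, but nothing in this change adds any login user to that group, while the `systemWide` description says access is granted to members of the "pipewire" group. Say in the option description that administrators have to add users themselves (for example through `users.users.<name>.extraGroups`), and add a comment on why the service user needs both "audio" and "video" in `extraGroups`.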

View file

@ -182,6 +182,27 @@ in {
Restart = "always";
User = "minecraft";
WorkingDirectory = cfg.dataDir;
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = ''
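Review bot: the hardening block sets `ProtectHome` and the `ProtectKernel*` options but no `ProtectSystem`, so the rest of the filesystem stays writable to the service wherever the `minecraft` user's permissions allow it. Consider `ProtectSystem = "strict"` together with `ReadWritePaths = [ cfg.dataDir ]`, since `WorkingDirectory = cfg.dataDir` is the only location the unit is shown to need.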

View file

@ -226,4 +226,7 @@ in {
isSystemUser = true;
};
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -678,7 +678,7 @@ in
rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
ref = "nixos-unstable";
};
image_from_nixpkgs = (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
image_from_nixpkgs = (import ("''${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
pkgs = (import pkgs_unstable {});
});
in
@ -696,6 +696,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.git;
defaultText = literalExpression "pkgs.git";
example = literalExpression "pkgs.gitFull";
description = ''
Git package for git.sr.ht. This can help silence collisions.
@ -712,6 +713,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.mercurial;
defaultText = literalExpression "pkgs.mercurial";
description = ''
Mercurial package for hg.sr.ht. This can help silence collisions.
'';

View file

@ -251,6 +251,13 @@ let
promTypes.scrape_config = types.submodule {
options = {
authorization = mkOption {
type = types.attrs;
default = {};
description = ''
Sets the `Authorization` header on every scrape request with the configured credentials.
'';
};
job_name = mkOption {
type = types.str;
description = ''
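Review bot: `authorization` is declared as bare `types.attrs` and the description does not say which keys are accepted, so a misspelled key is not caught at evaluation time. Declare the accepted keys as a submodule or list them in the description, and note there that credentials written inline end up in the generated configuration in the Nix store, so a file-based credential is preferable.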

View file

@ -10,12 +10,20 @@ let
"--pidfile /run/AdGuardHome/AdGuardHome.pid"
"--work-dir /var/lib/AdGuardHome/"
"--config /var/lib/AdGuardHome/AdGuardHome.yaml"
"--host ${cfg.host}"
"--port ${toString cfg.port}"
] ++ cfg.extraArgs);
in
{
baseConfig = {
bind_host = cfg.host;
bind_port = cfg.port;
};
configFile = pkgs.writeTextFile {
name = "AdGuardHome.yaml";
text = builtins.toJSON (recursiveUpdate cfg.settings baseConfig);
checkPhase = "${pkgs.adguardhome}/bin/adguardhome -c $out --check-config";
};
in {
options.services.adguardhome = with types; {
enable = mkEnableOption "AdGuard Home network-wide ad blocker";
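Review bot: in `configFile`, `recursiveUpdate cfg.settings baseConfig` makes `bind_host` and `bind_port` from `cfg.host` and `cfg.port` win over the same keys in `settings`, with no message to the user. Either document in the `settings` description that these two keys are always overridden, or add an assertion that rejects them in `settings`.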
@ -44,6 +52,31 @@ in
'';
};
mutableSettings = mkOption {
default = true;
type = bool;
description = ''
Allow changes made on the AdGuard Home web interface to persist between
service restarts.
'';
};
settings = mkOption {
type = (pkgs.formats.yaml { }).type;
default = { };
description = ''
AdGuard Home configuration. Refer to
<link xlink:href="https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file"/>
for details on supported values.
<note><para>
On start and if <option>mutableSettings</option> is <literal>true</literal>,
these options are merged into the configuration file on start, taking
precedence over configuration changes made on the web interface.
</para></note>
'';
};
extraArgs = mkOption {
default = [ ];
type = listOf str;
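Review bot: the note in the `settings` description says "On start" twice and only covers the case where `mutableSettings` is `true`. Reword it to one clause and state the other case as well: per the `preStart` script in this commit, the generated file replaces `AdGuardHome.yaml` when `mutableSettings` is `false` or no file exists yet.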
@ -62,6 +95,19 @@ in
StartLimitIntervalSec = 5;
StartLimitBurst = 10;
};
preStart = ''
if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
&& [ "${toString cfg.mutableSettings}" = "1" ]; then
# Writing directly to AdGuardHome.yaml results in empty file
${pkgs.yaml-merge}/bin/yaml-merge "$STATE_DIRECTORY/AdGuardHome.yaml" "${configFile}" > "$STATE_DIRECTORY/AdGuardHome.yaml.tmp"
mv "$STATE_DIRECTORY/AdGuardHome.yaml.tmp" "$STATE_DIRECTORY/AdGuardHome.yaml"
else
cp --force "${configFile}" "$STATE_DIRECTORY/AdGuardHome.yaml"
chmod 600 "$STATE_DIRECTORY/AdGuardHome.yaml"
fi
'';
serviceConfig = {
DynamicUser = true;
ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}";
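Review bot: in `preStart`, `chmod 600` is applied only in the `cp` branch; the merge branch writes `AdGuardHome.yaml.tmp` through a shell redirection and renames it, so the merged file gets whatever mode the umask gives. Run the `chmod 600` after the `if`, or set `umask 077` at the top of the script, so both paths end with the same permissions. The `"${toString cfg.mutableSettings}" = "1"` test also depends on how `toString` renders `true`; `lib.boolToString` compared with `"true"` reads more clearly.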

View file

@ -118,4 +118,7 @@ in
};
};
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -378,4 +378,6 @@ in
]);
meta.maintainers = with maintainers; [ hexa ];
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -228,5 +228,4 @@ in
};
meta.maintainers = with maintainers; [ rnhmjoj ];
}

View file

@ -435,5 +435,5 @@ in
);
};
meta.maintainers = with maintainers; [ minijackson ];
meta.maintainers = with maintainers; [ minijackson mic92 ];
}

View file

@ -100,6 +100,7 @@ in
confDir = mkOption {
type = types.path;
default = confDir;
defaultText = literalDocBook "generated from configuration";
description = "The location of the config files for xrdp.";
};
};

View file

@ -1,7 +1,8 @@
{ config, pkgs, lib, ... }:
{ config, options, pkgs, lib, ... }:
with lib;
let
cfg = config.services.aesmd;
opt = options.services.aesmd;
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
@ -43,6 +44,9 @@ in
options.proxyType = mkOption {
type = with types; nullOr (enum [ "default" "direct" "manual" ]);
default = if (cfg.settings.proxy != null) then "manual" else null;
defaultText = literalExpression ''
if (config.${opt.settings}.proxy != null) then "manual" else null
'';
example = "default";
description = ''
Type of proxy to use. The <literal>default</literal> uses the system's default proxy.

View file

@ -179,4 +179,7 @@ in {
wantedBy = [ "multi-user.target" ];
};
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -329,9 +329,6 @@ in {
${pkgs.php}/bin/php artisan cache:clear
${pkgs.php}/bin/php artisan config:clear
${pkgs.php}/bin/php artisan view:clear
${pkgs.php}/bin/php artisan config:cache
${pkgs.php}/bin/php artisan route:cache
${pkgs.php}/bin/php artisan view:cache
'';
};

View file

@ -112,4 +112,7 @@ in
};
};
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -237,4 +237,6 @@ in
};
meta.maintainers = with lib.maintainers; [ edef zimbatm ];
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -167,4 +167,7 @@ in
"d ${cfg.dataDir}/async/ 0750 ${user} ${group} - -"
];
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -146,4 +146,7 @@ in
group = "powerdnsadmin";
};
};
# uses attributes of the linked package
meta.buildDocsInSandbox = false;
}

View file

@ -359,7 +359,7 @@ in
DirectoryIndex index.php
Require all granted
Options +FollowSymLinks
Options +FollowSymLinks -Indexes
</Directory>
# https://wordpress.org/support/article/hardening-wordpress/#securing-wp-config-php

View file

@ -36,6 +36,7 @@ in
enlightenment.econnman
enlightenment.efl
enlightenment.enlightenment
enlightenment.ecrire
enlightenment.ephoto
enlightenment.rage
enlightenment.terminology

View file

@ -865,4 +865,6 @@ in
};
# uses relatedPackages
meta.buildDocsInSandbox = false;
}

View file

@ -317,4 +317,6 @@ in
};
# uses extendModules to generate a type
meta.buildDocsInSandbox = false;
}

View file

@ -20,16 +20,20 @@ let
optionalString fixBinary "F";
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
activationSnippet = name: { interpreter, ... }: ''
activationSnippet = name: { interpreter, wrapInterpreterInShell, ... }: if wrapInterpreterInShell then ''
rm -f /run/binfmt/${name}
cat > /run/binfmt/${name} << 'EOF'
#!${pkgs.bash}/bin/sh
exec -- ${interpreter} "$@"
EOF
chmod +x /run/binfmt/${name}
'' else ''
rm -f /run/binfmt/${name}
ln -s ${interpreter} /run/binfmt/${name}
'';
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
getQemuArch = system: (lib.systems.elaborate { inherit system; }).qemuArch;
# Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
# - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
@ -238,6 +242,25 @@ in {
'';
type = types.bool;
};
wrapInterpreterInShell = mkOption {
default = true;
description = ''
Whether to wrap the interpreter in a shell script.
This allows a shell command to be set as the interpreter.
'';
type = types.bool;
};
interpreterSandboxPath = mkOption {
internal = true;
default = null;
description = ''
Path of the interpreter to expose in the build sandbox.
'';
type = types.nullOr types.path;
};
};
}));
};
@ -258,16 +281,37 @@ in {
config = {
boot.binfmt.registrations = builtins.listToAttrs (map (system: {
name = system;
value = {
value = let
interpreter = getEmulator system;
qemuArch = getQemuArch system;
preserveArgvZero = "qemu-${qemuArch}" == baseNameOf interpreter;
interpreterReg = let
wrapperName = "qemu-${qemuArch}-binfmt-P";
wrapper = pkgs.wrapQemuBinfmtP wrapperName interpreter;
in
if preserveArgvZero then "${wrapper}/bin/${wrapperName}"
else interpreter;
in {
inherit preserveArgvZero;
interpreter = interpreterReg;
wrapInterpreterInShell = !preserveArgvZero;
interpreterSandboxPath = dirOf (dirOf interpreterReg);
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
}) cfg.emulatedSystems);
# TODO: add a nix.extraPlatforms option to NixOS!
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
'';
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
([ "/run/binfmt" "${pkgs.bash}" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != []) (
let
ruleFor = system: cfg.registrations.${system};
hasWrappedRule = lib.any (system: (ruleFor system).wrapInterpreterInShell) cfg.emulatedSystems;
in [ "/run/binfmt" ]
++ lib.optional hasWrappedRule "${pkgs.bash}"
++ (map (system: (ruleFor system).interpreterSandboxPath) cfg.emulatedSystems)
);
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
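Review bot: `nix.sandboxPaths` maps `(ruleFor system).interpreterSandboxPath` over `cfg.emulatedSystems` without checking for `null`, although the option is declared as `types.nullOr types.path` with `default = null`. The registrations generated here always set it, but a registration overridden by the user can leave it unset and put `null` into the list; filter the nulls out or fall back to `dirOf (dirOf interpreter)`. It is also worth a comment that `dirOf (dirOf interpreterReg)` assumes the interpreter lives at `<prefix>/bin/<name>`.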

View file

@ -999,4 +999,7 @@ in
];
};
# uses types of services/x11/xserver.nix
meta.buildDocsInSandbox = false;
}

View file

@ -450,5 +450,4 @@ in
};
};
}

View file

@ -73,7 +73,7 @@ in
machine.fail('su - test1 -c "sudo -n -u root true"')
with subtest("users in group 'foobar' should be able to use sudo with password"):
machine.succeed("sudo -u test2 echo ${password} | sudo -S -u root true")
machine.succeed('su - test2 -c "echo ${password} | sudo -S -u root true"')
with subtest("users in group 'barfoo' should be able to use sudo without password"):
machine.succeed("sudo -u test3 sudo -n -u root true")

View file

@ -1,6 +1,35 @@
# Teach the kernel how to run armv7l and aarch64-linux binaries,
# and run GNU Hello for these architectures.
import ./make-test-python.nix ({ pkgs, ... }: {
{ system ? builtins.currentSystem,
config ? {},
pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
let
expectArgv0 = xpkgs: xpkgs.runCommandCC "expect-argv0" {
src = pkgs.writeText "expect-argv0.c" ''
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
fprintf(stderr, "Our argv[0] is %s\n", argv[0]);
if (strcmp(argv[0], argv[1])) {
fprintf(stderr, "ERROR: argv[0] is %s, should be %s\n", argv[0], argv[1]);
return 1;
}
return 0;
}
'';
} ''
$CC -o $out $src
'';
in {
basic = makeTest {
name = "systemd-binfmt";
machine = {
boot.binfmt.emulatedSystems = [
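Review bot: the `expect-argv0.c` helper calls `strcmp(argv[0], argv[1])` without checking `argc`, so running it without an argument passes a null pointer to `strcmp` and the test fails with a crash instead of the intended error message. Add an `argc < 2` check that prints a usage line and returns non-zero.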
@ -14,11 +43,48 @@ import ./make-test-python.nix ({ pkgs, ... }: {
helloAarch64 = pkgs.pkgsCross.aarch64-multiplatform.hello;
in ''
machine.start()
assert "world" in machine.succeed(
"${helloArmv7l}/bin/hello"
)
assert "world" in machine.succeed(
"${helloAarch64}/bin/hello"
)
'';
})
};
preserveArgvZero = makeTest {
name = "systemd-binfmt-preserve-argv0";
machine = {
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
};
testScript = let
testAarch64 = expectArgv0 pkgs.pkgsCross.aarch64-multiplatform;
in ''
machine.start()
machine.succeed("exec -a meow ${testAarch64} meow")
'';
};
ldPreload = makeTest {
name = "systemd-binfmt-ld-preload";
machine = {
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
};
testScript = let
helloAarch64 = pkgs.pkgsCross.aarch64-multiplatform.hello;
libredirectAarch64 = pkgs.pkgsCross.aarch64-multiplatform.libredirect;
in ''
machine.start()
assert "error" not in machine.succeed(
"LD_PRELOAD='${libredirectAarch64}/lib/libredirect.so' ${helloAarch64}/bin/hello 2>&1"
).lower()
'';
};
}

View file

@ -19,13 +19,13 @@ let
in
stdenv.mkDerivation rec {
pname = "bucklespring";
version = "1.5.0";
version = "1.5.1";
src = fetchFromGitHub {
owner = "zevv";
repo = pname;
rev = version;
sha256 = "114dib4npb7r1z2zd1fwsx71xbf9r6psxqd7n7590cwz1w3r51mz";
rev = "v${version}";
sha256 = "0prhqibivxzmz90k79zpwx3c97h8wa61rk5ihi9a5651mnc46mna";
};
nativeBuildInputs = [ pkg-config makeWrapper ];

View file

@ -21,20 +21,20 @@
stdenv.mkDerivation rec {
pname = "gnome-podcasts";
version = "0.5.0";
version = "0.5.1";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "podcasts";
rev = version;
hash = "sha256-Jk++/QrQt/fjOz2OaEIr1Imq2DmqTjcormCebjO4/Kk=";
sha256 = "00vy1qkkpn76jdpybsq9qp8s6fh1ih10j73p2x43sl97m5g8944h";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-jlXpeVabc1h2GU1j9Ff6GZJec+JgFyOdJzsOtdkrEWI=";
sha256 = "0y34b5rnr75h7dxbx93mafrmwsh187wq5js7fmkb1m1yyybj1v1x";
};
nativeBuildInputs = [
@ -79,5 +79,6 @@ stdenv.mkDerivation rec {
license = licenses.gpl3Plus;
maintainers = teams.gnome.members;
platforms = platforms.unix;
broken = stdenv.isDarwin; # never built on Hydra https://hydra.nixos.org/job/nixpkgs/trunk/gnome-podcasts.x86_64-darwin
};
}

View file

@ -7,7 +7,7 @@
, alsa-lib
, libsndfile
, qt4
, qscintilla
, qscintilla-qt4
, libpulseaudio
, libjack2
, audioBackend ? "pulse" # "pulse", "alsa", or "jack"
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
alsa-lib
libsndfile
qt4
qscintilla
qscintilla-qt4
] ++ lib.optional (audioBackend == "pulse") libpulseaudio
++ lib.optional (audioBackend == "jack") libjack2;

View file

@ -21,6 +21,8 @@ lib.makeScope newScope (self: with self; {
mopidy-mpris = callPackage ./mpris.nix { };
mopidy-muse = callPackage ./muse.nix { };
mopidy-musicbox-webclient = callPackage ./musicbox-webclient.nix { };
mopidy-podcast = callPackage ./podcast.nix { };

View file

@ -0,0 +1,29 @@
{ lib, pythonPackages, mopidy }:
pythonPackages.buildPythonApplication rec {
pname = "mopidy-muse";
version = "0.0.27";
src = pythonPackages.fetchPypi {
inherit version;
pname = "Mopidy-Muse";
sha256 = "0jx9dkgxr07avzz9zskzhqy98zsxkdrf7iid2ax5vygwf8qsx8ks";
};
propagatedBuildInputs = [
mopidy
pythonPackages.pykka
];
pythonImportsCheck = [ "mopidy_muse" ];
# has no tests
doCheck = false;
meta = with lib; {
description = "Mopidy web client with Snapcast support";
homepage = "https://github.com/cristianpb/muse";
license = licenses.asl20;
maintainers = with maintainers; [ hexa ];
};
}

View file

@ -13,11 +13,11 @@
stdenv.mkDerivation rec {
pname = "paprefs";
version = "1.1";
version = "1.2";
src = fetchurl {
url = "https://freedesktop.org/software/pulseaudio/paprefs/paprefs-${version}.tar.xz";
sha256 = "189z5p20hk0xv9vwvym293503j4pwl03xqk9hl7cl6dwgv0l7wkf";
sha256 = "sha256-s/IeQNw5NtFeP/yRD7DAfBS4jowodxW0VqlIwXY49jM=";
};
nativeBuildInputs = [

View file

@ -37,13 +37,13 @@ in
stdenv.mkDerivation rec {
pname = "snapcast";
version = "0.25.0";
version = "0.26.0";
src = fetchFromGitHub {
owner = "badaix";
repo = "snapcast";
rev = "v${version}";
sha256 = "064pcpr5dsv9hncqkrnxriva4xjv1vcxhvc69h1an8x8vn4dwgmf";
sha256 = "sha256-CCifn9OEFM//Hk1PJj8T3MXIV8pXCTdBBXPsHuZwLyQ=";
};
nativeBuildInputs = [ cmake pkg-config ];

View file

@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
owner = "bitcoinclassic";
repo = "bitcoinclassic";
rev = "v${version}";
sha256 = "sha256-V1cOB5FLotGS5jup/aVaiDiyr/v2KJ2SLcIu/Hrjuwk=";
sha256 = "sha256-fVmFD1B4kKoejd2cmPPF5TJJQTAA6AVsGlVY8IIUNK4=";
};
nativeBuildInputs = [ pkg-config autoreconfHook ];

View file

@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
owner = "dashpay";
repo= "dash";
rev = "v${version}";
sha256 = "0l1gcj2xf2bal9ph9y11x8yd28fd25f55f48xbm45bfw3ij7nbaa";
sha256 = "sha256-DMoiUX8Q0HcBHA6ZIN58uPsTnHjEJMi8eGG2DW8z17Q=";
};
nativeBuildInputs = [ pkg-config autoreconfHook ];

View file

@ -12,16 +12,16 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "electrs";
version = "0.9.3";
version = "0.9.4";
src = fetchFromGitHub {
owner = "romanz";
repo = pname;
rev = "v${version}";
hash = "sha256-sTQ/dX1uXJkEmrNZ47qjBlrexO50y0NGNhw71rHc9bw=";
hash = "sha256-37KTcLFVzuXlLpz9INXbasUdzuY+T34ef8EtfczQ+D8=";
};
cargoHash = "sha256-1ZQt8LaqgxNxFfgCVCK0GVwbcVfX3v9iz7tHvzgyI0g=";
cargoHash = "sha256-aOSCpvejMUfSZCDwShqMPEc3vXw9ri2QvTaCuHODTwA=";
# needed for librocksdb-sys
nativeBuildInputs = [ llvmPackages.clang ];

View file

@ -11,8 +11,8 @@ buildGoModule rec {
sha256 = "0l0w1badhvlh1rgqzvlmy5k7xhb1nf4f5dmhkl935a5ila08aak3";
};
vendorSha256 = "1hbfmq76zm50zwmlh3jblriwq2k1mp99d8lg8xzxwy56hncgfj8k";
runVend = true;
vendorSha256 = "sha256-kA7pOSP4wkzKuFmUqhZmjXJ0ao64cIgZMrQtQ0bQ++U=";
proxyVendor = true;
# Build errors in mdbx when format hardening is enabled:
# cc1: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]

View file

@ -0,0 +1,29 @@
{ lib
, stdenv
, fetchurl
}:
stdenv.mkDerivation rec {
pname = "em";
version = "1.0.0";
src = fetchurl {
url = "http://pgas.freeshell.org/C/em/${pname}-${version}.tar.gz";
hash = "sha256-ijMBkl7U1f9MTXgli9kUFB8ttMG6TMQnxfDMP9AblTQ=";
};
meta = with lib; {
homepage = "http://pgas.freeshell.org/C/em/";
description = "Editor for Mortals";
longDescription = ''
Em is a QMC variant of the standard Unix text editor - ed. It includes all
of ed, so the documentation for ed is fully applicable to em. Em also has
a number of new commands and facilities designed to improve its
interaction and increase its usefulness to users at fast vdu terminals
(such as the ITT's at QMC).
'';
license = licenses.publicDomain;
maintainers = with maintainers; [ AndersonTorres ];
platforms = platforms.unix;
};
}

View file

@ -2,17 +2,17 @@
rustPlatform.buildRustPackage rec {
pname = "helix";
version = "0.5.0";
version = "0.6.0";
src = fetchFromGitHub {
owner = "helix-editor";
repo = pname;
rev = "v${version}";
fetchSubmodules = true;
sha256 = "sha256-NoVg/8oJIgMQtxlCSjrLnYCG8shigYqZzWAQwmiqxgA=";
sha256 = "sha256-d/USOtcPLjdgzN7TBCouBRmoSDH5LZD4R5Qq7lUrWZw=";
};
cargoSha256 = "sha256-kqPI8WpGpr0VL7CbBTSsjKl3xqJrv/6Qjr6UFnIgaVo=";
cargoSha256 = "sha256-/EATU7HsGNB35YOBp8sofbPd1nl4d3Ggj1ay3QuHkCI=";
nativeBuildInputs = [ makeWrapper ];

View file

@ -114,7 +114,7 @@ in mkDerivation rec {
cmakeFlags = [
"-DCMAKE_SKIP_BUILD_RPATH=OFF"
"-DPYQT5_SIP_DIR=${python3Packages.pyqt5}/${python3Packages.python.sitePackages}/PyQt5/bindings"
"-DQSCI_SIP_DIR=${python3Packages.qscintilla-qt5}/share/sip/PyQt5"
"-DQSCI_SIP_DIR=${python3Packages.qscintilla-qt5}/${python3Packages.python.sitePackages}/PyQt5/bindings"
] ++ lib.optional (!withWebKit) "-DWITH_QTWEBKIT=OFF"
++ lib.optional withGrass "-DGRASS_PREFIX7=${grass}/${grass.name}";

View file

@ -14,7 +14,7 @@ in mkDerivation {
src = fetchurl {
# NB: this URL is not stable (i.e. the underlying file and the corresponding version will change over time)
url = "http://web.archive.org/web/20201206221727if_/https://download.opendesign.com/guestfiles/Demo/ODAFileConverter_QT5_lnxX64_7.2dll_21.11.deb";
url = "https://web.archive.org/web/20201206221727if_/https://download.opendesign.com/guestfiles/Demo/ODAFileConverter_QT5_lnxX64_7.2dll_21.11.deb";
sha256 = "10027a3ab18efd04ca75aa699ff550eca3bdfe6f7084460d3c00001bffb50070";
};
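
Review bot: the `NB` comment directly above `url` says the URL is not stable, but the URL is a web.archive.org capture pinned to the timestamp `20201206221727`. Reword the comment so it says which URL is unstable (the `download.opendesign.com` one embedded in the capture path) and that the archived capture is used for that reason, so whoever updates the package knows to pick a new capture and change `sha256` together.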

View file

@ -1,6 +1,6 @@
{ boost, cmake, fetchFromGitHub, freeglut, freetype, glew, libjpeg, libmypaint
, libpng, libtiff, libusb1, lz4, xz, lzo, openblas, pkg-config, qtbase
, qtmultimedia, qtscript, lib, stdenv, superlu, wrapQtAppsHook, }:
, libpng, libtiff, libusb1, lz4, xz, lzo, openblas, opencv, pkg-config, qtbase
, qtmultimedia, qtscript, qtserialport, lib, stdenv, superlu, wrapQtAppsHook, }:
let source = import ./source.nix { inherit fetchFromGitHub; };
in stdenv.mkDerivation rec {
inherit (source) src;
@ -24,9 +24,11 @@ in stdenv.mkDerivation rec {
xz
lzo
openblas
opencv
qtbase
qtmultimedia
qtscript
qtserialport
superlu
];

View file

@ -2,20 +2,55 @@
# opentoonz requires its own modified version of libtiff. We still build it as
# a separate package
# 1. For visibility for tools like vulnix, and
# 2. To avoid a diamond-dependency problem with qt linking the normal libtiff
# and opentoonz linking qt and this modified libtiff, we build a qt against
# this modified libtiff as well.
# 2. To avoid a diamond-dependency problem with opencv linking the normal libtiff
# and opentoonz linking opencv and this modified libtiff, we build an opencv
# against this modified libtiff as well.
#
# We use a separate mkDerivation rather than a minimal libtiff.overrideAttrs
# because the main libtiff builds with cmake and this version of libtiff was
# forked before libtiff gained CMake build capability (added in libtiff-4.0.5).
{ lib, fetchFromGitHub, stdenv, pkg-config, zlib, libjpeg, xz, libtiff, }:
{ fetchFromGitHub, libtiff }:
let source = import ./source.nix { inherit fetchFromGitHub; };
in libtiff.overrideAttrs (old: {
inherit (source) src;
in stdenv.mkDerivation {
pname = "libtiff";
version = source.versions.libtiff + "-opentoonz";
postUnpack = (old.postUnpack or "") + ''
inherit (source) src;
outputs = [ "bin" "dev" "out" "man" "doc" ];
nativeBuildInputs = [ pkg-config ];
propagatedBuildInputs = [ zlib libjpeg xz ];
postUnpack = ''
sourceRoot="$sourceRoot/thirdparty/tiff-${source.versions.libtiff}"
'';
# opentoonz uses internal libtiff headers
postInstall = (old.postInstall or "") + ''
postInstall = ''
cp libtiff/{tif_config,tif_dir,tiffiop}.h $dev/include
'';
})
meta = libtiff.meta // {
knownVulnerabilities = [''
Do not open untrusted files with Opentoonz:
Opentoonz uses an old custom fork of tibtiff from 2012 that is known to
be affected by at least these 50 vulnerabilities:
CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127
CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547
CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870
CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625
CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658
CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314
CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321
CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532
CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360
CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522
CVE-2020-35523 CVE-2020-35524
More info at https://github.com/opentoonz/opentoonz/issues/4193
''];
maintainers = with lib.maintainers; [ chkno ];
};
}
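
Review bot: in the `knownVulnerabilities` text, `tibtiff` should be `libtiff`. This string is what nixpkgs prints when it refuses to evaluate the package as insecure, so the typo is user-facing. The message would also be more actionable if it named the attribute users have to allow (the derivation name is built from `pname = "libtiff"` and `version = source.versions.libtiff + "-opentoonz"`), since it is otherwise not obvious that the warning comes from the bundled fork rather than from the regular `libtiff`.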

View file

@ -3,14 +3,14 @@
{ fetchFromGitHub, }: rec {
versions = {
opentoonz = "1.4.0";
libtiff = "4.0.3";
opentoonz = "1.5.0";
libtiff = "4.0.3"; # The version in thirdparty/tiff-*
};
src = fetchFromGitHub {
owner = "opentoonz";
repo = "opentoonz";
rev = "v${versions.opentoonz}";
sha256 = "0vgclx2yydsm5i2smff3fj8m750nhf35wfhva37kywgws01s189b";
sha256 = "1rw30ksw3zjph1cwxkfvqj0330v8wd4333gn0fdf3cln1w0549lk";
};
}

View file

@ -1,16 +1,33 @@
{ mkDerivation, lib, fetchFromGitLab, cmake
, boost, netcdf, hdf5, fftwSinglePrec, muparser, openssl, ffmpeg, python
, qtbase, qtsvg, qttools, qscintilla }:
{ mkDerivation
, lib
, stdenv
, fetchFromGitLab
, cmake
, boost
, bzip2
, ffmpeg
, fftwSinglePrec
, hdf5
, muparser
, netcdf
, openssl
, python3
, qscintilla
, qtbase
, qtsvg
, qttools
, VideoDecodeAcceleration
}:
mkDerivation rec {
pname = "ovito";
version = "3.4.0";
version = "3.6.0";
src = fetchFromGitLab {
owner = "stuko";
repo = "ovito";
rev = "v${version}";
sha256 = "1y3wr6yzpsl0qm7cicp2mppfszxd0fgx8hm99in9wff9qd0r16b5";
sha256 = "sha256-yQ8gSe/QM1RRNxk4bDJ+K5QX0eYjZ+iG3QOHj01tJhY=";
};
nativeBuildInputs = [
@ -19,17 +36,20 @@ mkDerivation rec {
buildInputs = [
boost
netcdf
hdf5
fftwSinglePrec
muparser
openssl
bzip2
ffmpeg
python
fftwSinglePrec
hdf5
muparser
netcdf
openssl
python3
qscintilla
qtbase
qtsvg
qttools
qscintilla
] ++ lib.optionals stdenv.isDarwin [
VideoDecodeAcceleration
];
meta = with lib; {
@ -37,5 +57,6 @@ mkDerivation rec {
homepage = "https://ovito.org";
license = with licenses; [ gpl3Only mit ];
maintainers = with maintainers; [ twhitehead ];
broken = stdenv.isDarwin; # clang-11: error: no such file or directory: '$-DOVITO_COPYRIGHT_NOTICE=...
};
}
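
Review bot: the last hunk sets `broken = stdenv.isDarwin` while the `buildInputs` hunk adds the Darwin-only `VideoDecodeAcceleration`, so that input is only used on a platform the same change declares broken. Either drop it until the Darwin build works or say in a comment that it is kept for when the clang error is resolved. The error quoted after `broken` is cut off at `...`; a link to a build log or upstream issue would tell the next maintainer more.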

View file

@ -1,91 +1,87 @@
{ lib
, buildDotnetModule
, dotnetCorePackages
, fetchFromGitHub
, buildDotnetPackage
, dotnetPackages
, gtksharp
, gettext
, gtk3
, installShellFiles
, librsvg
, makeDesktopItem
, wrapGAppsHook
}:
let
mono-addins = dotnetPackages.MonoAddins;
in
buildDotnetPackage rec {
buildDotnetModule rec {
pname = "Pinta";
version = "1.7.1";
version = "2.0";
outputFiles = [ "bin/*" ];
buildInputs = [ gtksharp mono-addins gettext ];
xBuildFiles = [ "Pinta.sln" ];
nativeBuildInputs = [
installShellFiles
wrapGAppsHook
];
runtimeDeps = [ gtk3 ];
dotnet-sdk = dotnetCorePackages.sdk_6_0;
dotnet-runtime = dotnetCorePackages.runtime_6_0;
# How-to update deps:
# $ nix-build -A pinta.fetch-deps
# $ ./result
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/default.nix
# TODO: create update script
nugetDeps = ./deps.nix;
projectFile = "Pinta";
src = fetchFromGitHub {
owner = "PintaProject";
repo = "Pinta";
rev = version;
sha256 = "sha256-yRp/dpJ9T4DieqHTj3vhyuASPGe4vjHw0rSXFrTNZVc=";
sha256 = "sha256-wqqNPyy5h/hTDm2u5MDZx1ds5qWAxy1/BY/fX4PeA88=";
};
# Remove version information from nodes <Reference Include="... Version=... ">
postPatch = with lib; let
csprojFiles = [
"Pinta/Pinta.csproj"
"Pinta.Core/Pinta.Core.csproj"
"Pinta.Effects/Pinta.Effects.csproj"
"Pinta.Gui.Widgets/Pinta.Gui.Widgets.csproj"
"Pinta.Resources/Pinta.Resources.csproj"
"Pinta.Tools/Pinta.Tools.csproj"
];
versionedNames = [
"Mono\\.Addins"
"Mono\\.Posix"
"Mono\\.Addins\\.Gui"
"Mono\\.Addins\\.Setup"
];
stripVersion = name: file:
let
match = ''<Reference Include="${name}([ ,][^"]*)?"'';
replace = ''<Reference Include="${name}"'';
in
"sed -i -re 's/${match}/${replace}/g' ${file}\n";
# Map all possible pairs of two lists
map2 = f: listA: listB: concatMap (a: map (f a) listB) listA;
concatMap2Strings = f: listA: listB: concatStrings (map2 f listA listB);
in
concatMap2Strings stripVersion versionedNames csprojFiles
+ ''
# For some reason there is no Microsoft.Common.tasks file
# in ''${mono}/lib/mono/3.5 .
substituteInPlace Pinta.Install.proj \
--replace 'ToolsVersion="3.5"' 'ToolsVersion="4.0"' \
--replace "/usr/local" "$out"
# FIXME: this should be propagated by wrapGAppsHook already, however for some
# reason it is not working. Maybe a bug in buildDotnetModule?
preInstall = ''
gappsWrapperArgs+=(
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}"
--set GDK_PIXBUF_MODULE_FILE ${librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
)
'';
makeWrapperArgs = [
"--prefix MONO_GAC_PREFIX : ${gtksharp}"
"--prefix LD_LIBRARY_PATH : ${gtksharp}/lib"
"--prefix LD_LIBRARY_PATH : ${gtksharp.gtk.out}/lib"
];
postInstall = ''
# Do automake's job manually
substitute xdg/pinta.desktop.in xdg/pinta.desktop \
# Rename the binary
mv $out/bin/Pinta $out/bin/pinta
# Copy desktop icons
for size in 16x16 22x22 24x24 32x32 96x96 scalable; do
mkdir -p $out/share/icons/hicolor/$size/apps
cp xdg/$size/* $out/share/icons/hicolor/$size/apps/
done
# Copy runtime icons
cp -r Pinta.Resources/icons/hicolor/16x16/* $out/share/icons/hicolor/16x16/
# Install manpage
installManPage xdg/pinta.1
# Fix and copy desktop file
# TODO: fix this propely by using the autoreconf+pkg-config build system
# from upstream
mkdir -p $out/share/applications
substitute xdg/pinta.desktop.in $out/share/applications/Pinta.desktop \
--replace _Name Name \
--replace _Comment Comment \
--replace _GenericName GenericName \
--replace _X-GNOME-FullName X-GNOME-FullName
substitute xdg/pinta.appdata.xml.in xdg/pinta.appdata.xml \
--replace _p p
xbuild /target:CompileTranslations Pinta.Install.proj
xbuild /target:Install Pinta.Install.proj
--replace _X-GNOME-FullName X-GNOME-FullName \
--replace _Keywords Keywords
'';
meta = {
homepage = "https://www.pinta-project.com/";
description = "Drawing/editing program modeled after Paint.NET";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ ];
maintainers = with lib.maintainers; [ thiagokokada ];
platforms = with lib.platforms; linux;
mainProgram = "pinta";
};
}
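
Review bot: the "How-to update deps" comment copies `/tmp/Pinta-deps.nix` to `./pkgs/applications/graphics/pinta/default.nix`, but the expression reads `nugetDeps = ./deps.nix;`. Followed as written, the instructions overwrite the package expression itself; the `cp` target should be `deps.nix`. Two smaller points: `GDK_PIXBUF_MODULE_FILE` hard-codes `2.10.0` in the loaders path, which will break silently if that directory name changes, and `propely` in the desktop-file comment is a typo.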

View file

@ -0,0 +1,12 @@
{ fetchNuGet }: [
(fetchNuGet { pname = "AtkSharp"; version = "3.24.24.34"; sha256 = "1jn1vgi9xm0jp7769k6sbdi8d273kigjrsh93i6s4c03hqxv7cqs"; })
(fetchNuGet { pname = "CairoSharp"; version = "3.24.24.34"; sha256 = "0pydn1k0cam1gclg9sc1sbnmbyzh28qlc5qanyxcylwghink3kgz"; })
(fetchNuGet { pname = "GdkSharp"; version = "3.24.24.34"; sha256 = "0r0x0yib7chwsyrbpvicrfwldwqx5lyqq4p86zaxpmzd6zdaj0x5"; })
(fetchNuGet { pname = "GioSharp"; version = "3.24.24.34"; sha256 = "02hxvgjd4w9jpzbkk7qf9q9bkvyp5hfzwxfqp10vg5lpl9yl3xpx"; })
(fetchNuGet { pname = "GLibSharp"; version = "3.24.24.34"; sha256 = "0kvp033fgdwc8p2abfp5z9pzq66cvwbnjfvr4v4bkpy5s5h181kq"; })
(fetchNuGet { pname = "GtkSharp"; version = "3.24.24.34"; sha256 = "0028hzmmqyfx87qqmaf9cgb5psn7gkbmqvixcid67x1d6mzxjicb"; })
(fetchNuGet { pname = "NGettext"; version = "0.6.7"; sha256 = "1lnq1lgd80xqn80qwq5ipfjnd7nl1ghinjc3krnd546r0c7hwqky"; })
(fetchNuGet { pname = "PangoSharp"; version = "3.24.24.34"; sha256 = "1r0h14cklglfpv1lhv93cxmzi2w7d5s03gzpq3j5dmrz43flg9zw"; })
(fetchNuGet { pname = "ParagonClipper"; version = "6.4.2"; sha256 = "0pam44f7iayqjz8nh1x29gxdd4dj00i7m5883cpa64i192pgl94c"; })
(fetchNuGet { pname = "SharpZipLib"; version = "1.3.3"; sha256 = "1gij11wfj1mqm10631cjpnhzw882bnzx699jzwhdqakxm1610q8x"; })
]

View file

@ -17,13 +17,13 @@
mkDerivation rec {
pname = "CopyQ";
version = "4.1.0";
version = "6.0.1";
src = fetchFromGitHub {
owner = "hluk";
repo = "CopyQ";
rev = "v${version}";
sha256 = "1iacnd9dn0mrajff80r2g5nlks5sch9lmpl633mnyqmih9dwx2li";
sha256 = "sha256-edrRgnjbszqJLbGLE4anCJSGApymvK0O+2ks5jWe8aw=";
};
nativeBuildInputs = [
@ -42,15 +42,6 @@ mkDerivation rec {
wayland
];
patches = [
# Install the bash completion script correctly
# Remove once 4.1.1 is released
(fetchpatch {
url = "https://github.com/hluk/CopyQ/commit/aca7222ec28589af0b08f63686104b992d63ee42.patch";
sha256 = "0d440d0zsdzm9cd0b6c42y9qbrvxg7gdam0qmif62mr8qa0ylidl";
})
];
postPatch = ''
substituteInPlace shared/com.github.hluk.copyq.desktop.in \
--replace copyq "$out/bin/copyq"

View file

@ -10,17 +10,24 @@
stdenv.mkDerivation rec {
pname = "free42";
version = "3.0.8";
version = "3.0.9";
src = fetchFromGitHub {
owner = "thomasokken";
repo = pname;
rev = "v${version}";
sha256 = "sha256-nZCuFumAyeUxRmmtd6/qvXk3LVZgbDhlsDygXMWDfp0=";
hash = "sha256-ZSwqgHsfe9apyYZ1fkvDMnQxdNb9E8U1l9jvC9t693w=";
};
nativeBuildInputs = [ copyDesktopItems pkg-config ];
buildInputs = [ gtk3 alsa-lib ];
nativeBuildInputs = [
copyDesktopItems
pkg-config
];
buildInputs = [
alsa-lib
gtk3
];
postPatch = ''
sed -i -e "s|/bin/ls|ls|" gtk/Makefile
@ -30,23 +37,24 @@ stdenv.mkDerivation rec {
buildPhase = ''
runHook preBuild
make -C gtk cleaner
make --jobs=$NIX_BUILD_CORES -C gtk
make -C gtk clean
make --jobs=$NIX_BUILD_CORES -C gtk BCD_MATH=1
runHook postBuild
'';
preInstall = ''
installPhase = ''
runHook preInstall
install --directory $out/bin \
$out/share/doc/${pname} \
$out/share/${pname}/skins \
$out/share/icons/hicolor/48x48/apps \
$out/share/icons/hicolor/128x128/apps
'';
installPhase = ''
runHook preInstall
install -m755 gtk/free42dec gtk/free42bin $out/bin
install -m644 gtk/README $out/share/doc/${pname}/README-GTK
install -m644 README $out/share/doc/${pname}/README
@ -54,6 +62,7 @@ stdenv.mkDerivation rec {
install -m644 gtk/icon-48x48.xpm $out/share/icons/hicolor/48x48/apps
install -m644 gtk/icon-128x128.xpm $out/share/icons/hicolor/128x128/apps
install -m644 skins/* $out/share/${pname}/skins
runHook postInstall
'';

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "gpxsee";
version = "10.0";
version = "10.1";
src = fetchFromGitHub {
owner = "tumic0";
repo = "GPXSee";
rev = version;
sha256 = "sha256-XACexj91TLd/i2GoFr0zZ3Yqcg+KjKoWWPfCGsEIR04=";
sha256 = "sha256-tU37dKBxzz+sxe4R7xbscpD28if8QOm6xpZEOdhK8lE=";
};
patches = (substituteAll {

View file

@ -11,11 +11,11 @@ buildGoModule rec {
sha256 = "sha256-6bqtw0hUrRBhTwEDURaTjgl3aVVCbfxjoPRfhSd3LK8=";
};
vendorSha256 = "sha256-CO+7WgoTsFCd9vkcALKcJP6Kj3CIWr5FF75/WgbK04g=";
vendorSha256 = "sha256-M4pKAxNd8rqluVm+c+X+nxC/vcaVclebo9HP17yEpfo=";
doCheck = false;
runVend = true;
proxyVendor = true;
tags = [ "extended" ];

View file

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "mdzk";
version = "0.4.3";
version = "0.5.0";
src = fetchFromGitHub {
owner = "mdzk-rs";
repo = "mdzk";
rev = version;
sha256 = "sha256-VUvV1XA9Bd3ugYHcKOcAQLUt0etxS/Cw2EgnFGxX0z0=";
sha256 = "sha256-NkoKQKcww5ktEbxbOY6WP8OemCB+rvXbuN9oSPjLE3Y=";
};
cargoSha256 = "sha256-lZ4fc/94ESlhpfa5ylg45oZNeaF1mZPxQUSLZrl2V3o=";
cargoSha256 = "sha256-uJ00tGiKtcYghFUh0fcYg4nZc/o8yhvlVs+6/aRNY5s=";
buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ];

View file

@ -0,0 +1,76 @@
{ lib
, fetchFromGitHub
, docutils
, gettext
, glibcLocales
, glib-networking
, gobject-introspection
, gtk3
, python3
, python3Packages
, steam-run-native
, unzip
, webkitgtk
, wrapGAppsHook
}:
python3Packages.buildPythonApplication rec {
pname = "minigalaxy";
version = "1.1.0";
src = fetchFromGitHub {
owner = "sharkwouter";
repo = pname;
rev = version;
sha256 = "sha256-BbtwLuG5TH/+06Ez8+mwSAjG1IWg9/3uxzjmgPHczAw=";
};
checkPhase = ''
runHook preCheck
env HOME=$PWD LC_ALL=en_US.UTF-8 pytest
runHook postCheck
'';
nativeBuildInputs = [
gettext
wrapGAppsHook
];
buildInputs = [
glib-networking
gobject-introspection
gtk3
];
checkInputs = with python3Packages; [
glibcLocales
pytest
tox
];
pythonPath = [
docutils
python3.pkgs.pygobject3
python3.pkgs.requests
python3.pkgs.setuptools
python3.pkgs.simplejson
steam-run-native
unzip
webkitgtk
];
# Run Linux games using the Steam Runtime by using steam-run in the wrapper
postFixup = ''
sed -e 's#exec -a "$0"#exec -a "$0" ${steam-run-native}/bin/steam-run#' -i $out/bin/minigalaxy
'';
meta = with lib; {
homepage = "https://sharkwouter.github.io/minigalaxy/";
changelog = "https://github.com/sharkwouter/minigalaxy/blob/${version}/CHANGELOG.md";
downloadPage = "https://github.com/sharkwouter/minigalaxy/releases";
description = "A simple GOG client for Linux";
license = licenses.gpl3;
maintainers = with maintainers; [ srapenne ];
platforms = platforms.linux;
};
}
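
Review bot: the `postFixup` `sed` only has an effect if the generated wrapper contains the exact text `exec -a "$0"`. If the wrapper's form changes, the expression matches nothing, the build still succeeds, and games are launched without `steam-run`. Follow the `sed` with a check such as `grep -q steam-run $out/bin/minigalaxy` so the build fails instead. Also, `checkInputs` opens with `with python3Packages;` but lists `glibcLocales`, `tox` is not used by the `checkPhase` (which calls `pytest` directly), and `licenses.gpl3` does not say whether the licence is GPL-3.0-only or or-later (the ovito expression in this commit uses `gpl3Only`).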

View file

@ -1,9 +1,15 @@
{ lib, buildGoPackage, fetchFromGitHub}:
{ lib
, buildGoPackage
, fetchFromGitHub
, withSpeech ? true
, makeWrapper
, espeak-ng
}:
buildGoPackage rec {
pname = "mob";
version = "2.1.0";
goPackagePath = "github.com/remotemobprogramming/mob";
src = fetchFromGitHub {
rev = "v${version}";
@ -12,11 +18,22 @@ buildGoPackage rec {
sha256 = "sha256-K8ID8cetzCaMc/PVRNMyIhrshtEUiD6U/jI4e0TcOO4=";
};
nativeBuildInputs = [
makeWrapper
];
goPackagePath = "github.com/remotemobprogramming/mob";
preFixup = lib.optionalString withSpeech ''
wrapProgram $out/bin/mob \
--set MOB_VOICE_COMMAND "${lib.getBin espeak-ng}/bin/espeak"
'';
meta = with lib; {
description = "Tool for swift git handover";
description = "Tool for smooth git handover";
homepage = "https://github.com/remotemobprogramming/mob";
license = licenses.mit;
maintainers = [ maintainers.ericdallo ];
maintainers = with maintainers; [ ericdallo ];
platforms = platforms.linux ++ platforms.darwin;
};
}
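
Review bot: in `preFixup`, `--set MOB_VOICE_COMMAND` overrides any value already present in the user's environment, so with `withSpeech = true` the voice command can no longer be changed or turned off from the shell. `--set-default` would keep espeak-ng as the default and still respect an existing setting. `makeWrapper` is also added to `nativeBuildInputs` unconditionally although it is only needed when `withSpeech` is true.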

View file

@ -5,8 +5,8 @@ let
description = "PrusaSlicer fork with more features and faster development cycle";
versions = {
stable = { version = "2.3.57.8"; sha256 = "sha256-k1G9sFukYyCqVeJIbYgjJX9T8zqmFTmjmj9OXZ78+LY="; };
latest = { version = "2.3.57.8"; sha256 = "sha256-k1G9sFukYyCqVeJIbYgjJX9T8zqmFTmjmj9OXZ78+LY="; };
stable = { version = "2.3.57.9"; sha256 = "sha256-JWZ6PdzKwxdyp7StYuW69XGbTPoxaIJ2R4Ynmc65hvE="; };
latest = { version = "2.3.57.9"; sha256 = "sha256-JWZ6PdzKwxdyp7StYuW69XGbTPoxaIJ2R4Ynmc65hvE="; };
};
override = { version, sha256 }: super: {

View file

@ -0,0 +1,24 @@
{ lib, rustPlatform, fetchFromGitHub, testVersion, sigi }:
rustPlatform.buildRustPackage rec {
pname = "sigi";
version = "2.1.1";
src = fetchFromGitHub {
owner = "hiljusti";
repo = pname;
rev = "v${version}";
sha256 = "sha256-y0m1AQE5qoUfPZjJfo7w5h+zZ1pbz8FkLFDM13MTWvQ=";
};
cargoSha256 = "sha256-NTjL57Y1Uzk5F34BW3lB3xUpD60Opt0fGWuXHQU5L3g=";
passthru.tests.version = testVersion { package = sigi; };
meta = with lib; {
description = "CLI tool for organization and planning";
homepage = "https://github.com/hiljusti/sigi";
license = licenses.gpl3;
maintainers = with maintainers; [ hiljusti ];
};
}

View file

@ -1,27 +0,0 @@
{ lib, stdenv
, fetchurl
, unzip
}:
stdenv.mkDerivation rec {
pname = "smos";
version = "0.1.0";
src = fetchurl {
url = "https://github.com/NorfairKing/smos/releases/download/v${version}/smos-release.zip";
sha256 = "sha256:07yavk7xl92yjwwjdig90yq421n8ldv4fjfw7izd4hfpzw849a12";
};
dontInstall = true;
unpackCmd = "${unzip}/bin/unzip -d $out $curSrc";
sourceRoot = ".";
meta = with lib; {
description = "A comprehensive self-management system";
homepage = "https://smos.online";
license = licenses.mit;
maintainers = with maintainers; [ norfair ];
platforms = platforms.linux ++ platforms.darwin;
};
}

View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, qt4, qscintilla }:
{ lib, stdenv, fetchFromGitHub, cmake, qt4, qscintilla-qt4 }:
stdenv.mkDerivation rec {
pname = "sqliteman";
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ];
buildInputs = [ qt4 qscintilla ];
buildInputs = [ qt4 qscintilla-qt4 ];
prePatch = ''
sed -i 's,m_file(0),m_file(QString()),' Sqliteman/sqliteman/main.cpp
@ -20,8 +20,8 @@ stdenv.mkDerivation rec {
preConfigure = ''
cd Sqliteman
sed -i 's,/usr/include/Qsci,${qscintilla}/include/Qsci,' cmake/modules/FindQScintilla.cmake
sed -i 's,PATHS ''${QT_LIBRARY_DIR},PATHS ${qscintilla}/libs,' cmake/modules/FindQScintilla.cmake
sed -i 's,/usr/include/Qsci,${qscintilla-qt4}/include/Qsci,' cmake/modules/FindQScintilla.cmake
sed -i 's,PATHS ''${QT_LIBRARY_DIR},PATHS ${qscintilla-qt4}/libs,' cmake/modules/FindQScintilla.cmake
'';
meta = with lib; {

View file

@ -1,4 +1,13 @@
{ lib, stdenv, fetchFromGitHub, intltool, glib, pkg-config, udev, util-linux, acl }:
{ lib
, stdenv
, fetchFromGitHub
, acl
, glib
, intltool
, pkg-config
, udev
, util-linux
}:
stdenv.mkDerivation rec {
pname = "udevil";
@ -13,32 +22,41 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [ intltool glib udev ];
buildInputs = [
glib
intltool
udev
];
configurePhase = ''
preConfigure = ''
substituteInPlace src/Makefile.in --replace "-o root -g root" ""
# do not set setuid bit in nix store
substituteInPlace src/Makefile.in --replace 4755 0755
./configure \
--prefix=$out \
--with-mount-prog=${util-linux}/bin/mount \
--with-umount-prog=${util-linux}/bin/umount \
--with-losetup-prog=${util-linux}/bin/losetup \
--with-setfacl-prog=${acl.bin}/bin/setfacl \
--sysconfdir=$prefix/etc
'';
configureFlags = [
"--with-mount-prog=${util-linux}/bin/mount"
"--with-umount-prog=${util-linux}/bin/umount"
"--with-losetup-prog=${util-linux}/bin/losetup"
"--with-setfacl-prog=${acl.bin}/bin/setfacl"
"--sysconfdir=${placeholder "out"}/etc"
];
postInstall = ''
substituteInPlace $out/lib/systemd/system/devmon@.service \
--replace /usr/bin/devmon "$out/bin/devmon"
'';
patches = [ ./device-info-sys-stat.patch ];
patches = [
# sys/stat.h header missing on src/device-info.h
./device-info-sys-stat.patch
];
meta = with lib; {
description = "A command line Linux program which mounts and unmounts removable devices without a password, shows device info, and monitors device changes";
homepage = "https://ignorantguru.github.io/udevil/";
platforms = platforms.linux;
description = "Mount without password";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ AndersonTorres ];
platforms = platforms.linux;
};
}
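
Review bot: `preConfigure` removes both `-o root -g root` and the `4755` mode from `src/Makefile.in`, so the installed `udevil` is an ordinary unprivileged binary, whereas upstream's Makefile (going by the replaced strings) installs it setuid root. The comment explains why the bit is dropped but not how the privilege is meant to be supplied; state where the setuid wrapper is expected to come from, since without one mounting as a normal user can be expected to fail at run time rather than at build time. Likewise `--sysconfdir=${placeholder "out"}/etc` places the configuration this program reads in the read-only store, so a comment on how an administrator is meant to change it would help.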

View file

@ -1,7 +1,7 @@
{ lib
, fetchFromGitHub
, asciidoc-full
, buildPythonApplication
, asciidoc-full
, docopt
, gettext
, gobject-introspection
@ -19,15 +19,17 @@
buildPythonApplication rec {
pname = "udiskie";
version = "2.3.3";
version = "2.4.0";
src = fetchFromGitHub {
owner = "coldfix";
repo = "udiskie";
rev = "v${version}";
hash = "sha256-OeNAcL7jd8GiPVUGxWwX4N/G/jzxfyifaoSD/hXXwyM=";
hash = "sha256-T4kMPMXfehZT7P+TOd1llR2TbHPA/quNL545xxlmJfE=";
};
outputs = [ "out" "man" ];
nativeBuildInputs = [
asciidoc-full # Man page
gettext
@ -40,7 +42,7 @@ buildPythonApplication rec {
gtk3
libappindicator-gtk3
libnotify
librsvg # Because it uses SVG icons
librsvg # SVG icons
udisks2
];
@ -50,11 +52,13 @@ buildPythonApplication rec {
pyyaml
];
postBuild = "make -C doc";
postBuild = ''
make -C doc
'';
postInstall = ''
mkdir -p $out/share/man/man8
cp -v doc/udiskie.8 $out/share/man/man8/
mkdir -p $man/share/man/man8
cp -v doc/udiskie.8 $man/share/man/man8/
'';
checkInputs = [

View file

@ -161,6 +161,18 @@ let
./patches/no-build-timestamps.patch
# For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags:
./patches/widevine-79.patch
] ++ lib.optionals (versionRange "98" "99") [
# A critical Ozone/Wayland fix:
(githubPatch {
# [linux/wayland] Fixed terminate caused by binding to wrong version.
commit = "dd4c3ddadbb9869f59cee201a38e9ca3b9154f4d";
sha256 = "sha256-FH7lBQTruMzkBT2XQ+kgADmJA0AxJfaV/gvtoqfQ4a4=";
})
(githubPatch {
# [linux/wayland] Fixed terminate caused by binding to wrong version. (fixup)
commit = "a84b79daa8897b822336b8f348ef4daaae07af37";
sha256 = "sha256-2x6/rGGzTC6lKLMkVyD9RNCTsMVrtRQyr/NjSpaj2is=";
})
];
postPatch = ''

View file

@ -1,21 +1,21 @@
{
"stable": {
"version": "96.0.4664.110",
"sha256": "1s3ilq0ik36qgqp7l88gfd1yx97zscn8yr2kprsrjfp9q8lrva9n",
"sha256bin64": "17cyj1jx47fz6y26f196xhlngrw5gnjgcvapvgkgswlwd7y67jcb",
"version": "97.0.4692.71",
"sha256": "0z7ximvm4a78kxyp4j0i2jzklxazpw6jcqi9jkaf8bvq9ga8kqca",
"sha256bin64": "1z1d50i5pvqaw6hjdxwasbznzgqwrnd1z8jmy2x05b6i49vd7r9j",
"deps": {
"gn": {
"version": "2021-09-24",
"version": "2021-11-03",
"url": "https://gn.googlesource.com/gn",
"rev": "0153d369bbccc908f4da4993b1ba82728055926a",
"sha256": "0y4414h8jqsbz5af6pn91c0vkfp4s281s85g992xfyl785c5zbsi"
"rev": "90294ccdcf9334ed25a76ac9b67689468e506342",
"sha256": "0n0jml8s00ayy186jzrf207hbz70pxiq426znxwxd4gjcp60scsa"
}
},
"chromedriver": {
"version": "96.0.4664.45",
"sha256_linux": "15wybxlh38sw7f2bzalf9ivfp8262cpcvhq08nw9d2cj3j39f13m",
"sha256_darwin": "0r3b8wgbd8xjb09f4vc402gp77y2aqjk9hpqvvr6xgdr7nqym20f",
"sha256_darwin_aarch64": "1yynw8ngs2655blnf1s6r9flbxlwgaybdvgl6r6h7ppl974dl7rm"
"version": "97.0.4692.36",
"sha256_linux": "11x28m31bsfq1flqrsa5mawss39kznia2ig5ams5qkm2v5p3y39d",
"sha256_darwin": "1ysnfvj0795yc3g8sbz7g9mhc5j0sxm2r3ad2fh13sarnhn6wrs4",
"sha256_darwin_aarch64": "09m1qpk6901gqs4c7isgryffhb92szfzbxfybxhn2g5i4wrns6j7"
}
},
"beta": {

Some files were not shown because too many files have changed in this diff.